ctl.c revision 288808 
1/*-
2 * Copyright (c) 2003-2009 Silicon Graphics International Corp.
3 * Copyright (c) 2012 The FreeBSD Foundation
4 * Copyright (c) 2015 Alexander Motin <mav@FreeBSD.org>
5 * All rights reserved.
6 *
7 * Portions of this software were developed by Edward Tomasz Napierala
8 * under sponsorship from the FreeBSD Foundation.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 * 1. Redistributions of source code must retain the above copyright
14 *    notice, this list of conditions, and the following disclaimer,
15 *    without modification.
16 * 2. Redistributions in binary form must reproduce at minimum a disclaimer
17 *    substantially similar to the "NO WARRANTY" disclaimer below
18 *    ("Disclaimer") and any redistribution must be conditioned upon
19 *    including a substantially similar Disclaimer requirement for further
20 *    binary redistribution.
21 *
22 * NO WARRANTY
23 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
24 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
25 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR
26 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
27 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
31 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
32 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
33 * POSSIBILITY OF SUCH DAMAGES.
34 *
35 * $Id$
36 */
37/*
38 * CAM Target Layer, a SCSI device emulation subsystem.
39 *
40 * Author: Ken Merry <ken@FreeBSD.org>
41 */
42
43#define _CTL_C
44
45#include <sys/cdefs.h>
46__FBSDID("$FreeBSD: stable/10/sys/cam/ctl/ctl.c 288808 2015-10-05 11:28:26Z mav $");
47
48#include <sys/param.h>
49#include <sys/systm.h>
50#include <sys/ctype.h>
51#include <sys/kernel.h>
52#include <sys/types.h>
53#include <sys/kthread.h>
54#include <sys/bio.h>
55#include <sys/fcntl.h>
56#include <sys/lock.h>
57#include <sys/module.h>
58#include <sys/mutex.h>
59#include <sys/condvar.h>
60#include <sys/malloc.h>
61#include <sys/conf.h>
62#include <sys/ioccom.h>
63#include <sys/queue.h>
64#include <sys/sbuf.h>
65#include <sys/smp.h>
66#include <sys/endian.h>
67#include <sys/sysctl.h>
68#include <vm/uma.h>
69
70#include <cam/cam.h>
71#include <cam/scsi/scsi_all.h>
72#include <cam/scsi/scsi_da.h>
73#include <cam/ctl/ctl_io.h>
74#include <cam/ctl/ctl.h>
75#include <cam/ctl/ctl_frontend.h>
76#include <cam/ctl/ctl_util.h>
77#include <cam/ctl/ctl_backend.h>
78#include <cam/ctl/ctl_ioctl.h>
79#include <cam/ctl/ctl_ha.h>
80#include <cam/ctl/ctl_private.h>
81#include <cam/ctl/ctl_debug.h>
82#include <cam/ctl/ctl_scsi_all.h>
83#include <cam/ctl/ctl_error.h>
84
85struct ctl_softc *control_softc = NULL;
86
87/*
88 * Template mode pages.
89 */
90
91/*
92 * Note that these are default values only.  The actual values will be
93 * filled in when the user does a mode sense.
94 */
95const static struct copan_debugconf_subpage debugconf_page_default = {
96	DBGCNF_PAGE_CODE | SMPH_SPF,	/* page_code */
97	DBGCNF_SUBPAGE_CODE,		/* subpage */
98	{(sizeof(struct copan_debugconf_subpage) - 4) >> 8,
99	 (sizeof(struct copan_debugconf_subpage) - 4) >> 0}, /* page_length */
100	DBGCNF_VERSION,			/* page_version */
101	{CTL_TIME_IO_DEFAULT_SECS>>8,
102	 CTL_TIME_IO_DEFAULT_SECS>>0},	/* ctl_time_io_secs */
103};
104
105const static struct copan_debugconf_subpage debugconf_page_changeable = {
106	DBGCNF_PAGE_CODE | SMPH_SPF,	/* page_code */
107	DBGCNF_SUBPAGE_CODE,		/* subpage */
108	{(sizeof(struct copan_debugconf_subpage) - 4) >> 8,
109	 (sizeof(struct copan_debugconf_subpage) - 4) >> 0}, /* page_length */
110	0,				/* page_version */
111	{0xff,0xff},			/* ctl_time_io_secs */
112};
113
114const static struct scsi_da_rw_recovery_page rw_er_page_default = {
115	/*page_code*/SMS_RW_ERROR_RECOVERY_PAGE,
116	/*page_length*/sizeof(struct scsi_da_rw_recovery_page) - 2,
117	/*byte3*/SMS_RWER_AWRE|SMS_RWER_ARRE,
118	/*read_retry_count*/0,
119	/*correction_span*/0,
120	/*head_offset_count*/0,
121	/*data_strobe_offset_cnt*/0,
122	/*byte8*/SMS_RWER_LBPERE,
123	/*write_retry_count*/0,
124	/*reserved2*/0,
125	/*recovery_time_limit*/{0, 0},
126};
127
128const static struct scsi_da_rw_recovery_page rw_er_page_changeable = {
129	/*page_code*/SMS_RW_ERROR_RECOVERY_PAGE,
130	/*page_length*/sizeof(struct scsi_da_rw_recovery_page) - 2,
131	/*byte3*/0,
132	/*read_retry_count*/0,
133	/*correction_span*/0,
134	/*head_offset_count*/0,
135	/*data_strobe_offset_cnt*/0,
136	/*byte8*/0,
137	/*write_retry_count*/0,
138	/*reserved2*/0,
139	/*recovery_time_limit*/{0, 0},
140};
141
142const static struct scsi_format_page format_page_default = {
143	/*page_code*/SMS_FORMAT_DEVICE_PAGE,
144	/*page_length*/sizeof(struct scsi_format_page) - 2,
145	/*tracks_per_zone*/ {0, 0},
146	/*alt_sectors_per_zone*/ {0, 0},
147	/*alt_tracks_per_zone*/ {0, 0},
148	/*alt_tracks_per_lun*/ {0, 0},
149	/*sectors_per_track*/ {(CTL_DEFAULT_SECTORS_PER_TRACK >> 8) & 0xff,
150			        CTL_DEFAULT_SECTORS_PER_TRACK & 0xff},
151	/*bytes_per_sector*/ {0, 0},
152	/*interleave*/ {0, 0},
153	/*track_skew*/ {0, 0},
154	/*cylinder_skew*/ {0, 0},
155	/*flags*/ SFP_HSEC,
156	/*reserved*/ {0, 0, 0}
157};
158
159const static struct scsi_format_page format_page_changeable = {
160	/*page_code*/SMS_FORMAT_DEVICE_PAGE,
161	/*page_length*/sizeof(struct scsi_format_page) - 2,
162	/*tracks_per_zone*/ {0, 0},
163	/*alt_sectors_per_zone*/ {0, 0},
164	/*alt_tracks_per_zone*/ {0, 0},
165	/*alt_tracks_per_lun*/ {0, 0},
166	/*sectors_per_track*/ {0, 0},
167	/*bytes_per_sector*/ {0, 0},
168	/*interleave*/ {0, 0},
169	/*track_skew*/ {0, 0},
170	/*cylinder_skew*/ {0, 0},
171	/*flags*/ 0,
172	/*reserved*/ {0, 0, 0}
173};
174
175const static struct scsi_rigid_disk_page rigid_disk_page_default = {
176	/*page_code*/SMS_RIGID_DISK_PAGE,
177	/*page_length*/sizeof(struct scsi_rigid_disk_page) - 2,
178	/*cylinders*/ {0, 0, 0},
179	/*heads*/ CTL_DEFAULT_HEADS,
180	/*start_write_precomp*/ {0, 0, 0},
181	/*start_reduced_current*/ {0, 0, 0},
182	/*step_rate*/ {0, 0},
183	/*landing_zone_cylinder*/ {0, 0, 0},
184	/*rpl*/ SRDP_RPL_DISABLED,
185	/*rotational_offset*/ 0,
186	/*reserved1*/ 0,
187	/*rotation_rate*/ {(CTL_DEFAULT_ROTATION_RATE >> 8) & 0xff,
188			   CTL_DEFAULT_ROTATION_RATE & 0xff},
189	/*reserved2*/ {0, 0}
190};
191
192const static struct scsi_rigid_disk_page rigid_disk_page_changeable = {
193	/*page_code*/SMS_RIGID_DISK_PAGE,
194	/*page_length*/sizeof(struct scsi_rigid_disk_page) - 2,
195	/*cylinders*/ {0, 0, 0},
196	/*heads*/ 0,
197	/*start_write_precomp*/ {0, 0, 0},
198	/*start_reduced_current*/ {0, 0, 0},
199	/*step_rate*/ {0, 0},
200	/*landing_zone_cylinder*/ {0, 0, 0},
201	/*rpl*/ 0,
202	/*rotational_offset*/ 0,
203	/*reserved1*/ 0,
204	/*rotation_rate*/ {0, 0},
205	/*reserved2*/ {0, 0}
206};
207
208const static struct scsi_caching_page caching_page_default = {
209	/*page_code*/SMS_CACHING_PAGE,
210	/*page_length*/sizeof(struct scsi_caching_page) - 2,
211	/*flags1*/ SCP_DISC | SCP_WCE,
212	/*ret_priority*/ 0,
213	/*disable_pf_transfer_len*/ {0xff, 0xff},
214	/*min_prefetch*/ {0, 0},
215	/*max_prefetch*/ {0xff, 0xff},
216	/*max_pf_ceiling*/ {0xff, 0xff},
217	/*flags2*/ 0,
218	/*cache_segments*/ 0,
219	/*cache_seg_size*/ {0, 0},
220	/*reserved*/ 0,
221	/*non_cache_seg_size*/ {0, 0, 0}
222};
223
224const static struct scsi_caching_page caching_page_changeable = {
225	/*page_code*/SMS_CACHING_PAGE,
226	/*page_length*/sizeof(struct scsi_caching_page) - 2,
227	/*flags1*/ SCP_WCE | SCP_RCD,
228	/*ret_priority*/ 0,
229	/*disable_pf_transfer_len*/ {0, 0},
230	/*min_prefetch*/ {0, 0},
231	/*max_prefetch*/ {0, 0},
232	/*max_pf_ceiling*/ {0, 0},
233	/*flags2*/ 0,
234	/*cache_segments*/ 0,
235	/*cache_seg_size*/ {0, 0},
236	/*reserved*/ 0,
237	/*non_cache_seg_size*/ {0, 0, 0}
238};
239
240const static struct scsi_control_page control_page_default = {
241	/*page_code*/SMS_CONTROL_MODE_PAGE,
242	/*page_length*/sizeof(struct scsi_control_page) - 2,
243	/*rlec*/0,
244	/*queue_flags*/SCP_QUEUE_ALG_RESTRICTED,
245	/*eca_and_aen*/0,
246	/*flags4*/SCP_TAS,
247	/*aen_holdoff_period*/{0, 0},
248	/*busy_timeout_period*/{0, 0},
249	/*extended_selftest_completion_time*/{0, 0}
250};
251
252const static struct scsi_control_page control_page_changeable = {
253	/*page_code*/SMS_CONTROL_MODE_PAGE,
254	/*page_length*/sizeof(struct scsi_control_page) - 2,
255	/*rlec*/SCP_DSENSE,
256	/*queue_flags*/SCP_QUEUE_ALG_MASK,
257	/*eca_and_aen*/SCP_SWP,
258	/*flags4*/0,
259	/*aen_holdoff_period*/{0, 0},
260	/*busy_timeout_period*/{0, 0},
261	/*extended_selftest_completion_time*/{0, 0}
262};
263
264#define CTL_CEM_LEN	(sizeof(struct scsi_control_ext_page) - 4)
265
266const static struct scsi_control_ext_page control_ext_page_default = {
267	/*page_code*/SMS_CONTROL_MODE_PAGE | SMPH_SPF,
268	/*subpage_code*/0x01,
269	/*page_length*/{CTL_CEM_LEN >> 8, CTL_CEM_LEN},
270	/*flags*/0,
271	/*prio*/0,
272	/*max_sense*/0
273};
274
275const static struct scsi_control_ext_page control_ext_page_changeable = {
276	/*page_code*/SMS_CONTROL_MODE_PAGE | SMPH_SPF,
277	/*subpage_code*/0x01,
278	/*page_length*/{CTL_CEM_LEN >> 8, CTL_CEM_LEN},
279	/*flags*/0,
280	/*prio*/0,
281	/*max_sense*/0
282};
283
284const static struct scsi_info_exceptions_page ie_page_default = {
285	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE,
286	/*page_length*/sizeof(struct scsi_info_exceptions_page) - 2,
287	/*info_flags*/SIEP_FLAGS_DEXCPT,
288	/*mrie*/0,
289	/*interval_timer*/{0, 0, 0, 0},
290	/*report_count*/{0, 0, 0, 0}
291};
292
293const static struct scsi_info_exceptions_page ie_page_changeable = {
294	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE,
295	/*page_length*/sizeof(struct scsi_info_exceptions_page) - 2,
296	/*info_flags*/0,
297	/*mrie*/0,
298	/*interval_timer*/{0, 0, 0, 0},
299	/*report_count*/{0, 0, 0, 0}
300};
301
302#define CTL_LBPM_LEN	(sizeof(struct ctl_logical_block_provisioning_page) - 4)
303
304const static struct ctl_logical_block_provisioning_page lbp_page_default = {{
305	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE | SMPH_SPF,
306	/*subpage_code*/0x02,
307	/*page_length*/{CTL_LBPM_LEN >> 8, CTL_LBPM_LEN},
308	/*flags*/0,
309	/*reserved*/{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
310	/*descr*/{}},
311	{{/*flags*/0,
312	  /*resource*/0x01,
313	  /*reserved*/{0, 0},
314	  /*count*/{0, 0, 0, 0}},
315	 {/*flags*/0,
316	  /*resource*/0x02,
317	  /*reserved*/{0, 0},
318	  /*count*/{0, 0, 0, 0}},
319	 {/*flags*/0,
320	  /*resource*/0xf1,
321	  /*reserved*/{0, 0},
322	  /*count*/{0, 0, 0, 0}},
323	 {/*flags*/0,
324	  /*resource*/0xf2,
325	  /*reserved*/{0, 0},
326	  /*count*/{0, 0, 0, 0}}
327	}
328};
329
330const static struct ctl_logical_block_provisioning_page lbp_page_changeable = {{
331	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE | SMPH_SPF,
332	/*subpage_code*/0x02,
333	/*page_length*/{CTL_LBPM_LEN >> 8, CTL_LBPM_LEN},
334	/*flags*/0,
335	/*reserved*/{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
336	/*descr*/{}},
337	{{/*flags*/0,
338	  /*resource*/0,
339	  /*reserved*/{0, 0},
340	  /*count*/{0, 0, 0, 0}},
341	 {/*flags*/0,
342	  /*resource*/0,
343	  /*reserved*/{0, 0},
344	  /*count*/{0, 0, 0, 0}},
345	 {/*flags*/0,
346	  /*resource*/0,
347	  /*reserved*/{0, 0},
348	  /*count*/{0, 0, 0, 0}},
349	 {/*flags*/0,
350	  /*resource*/0,
351	  /*reserved*/{0, 0},
352	  /*count*/{0, 0, 0, 0}}
353	}
354};
355
356SYSCTL_NODE(_kern_cam, OID_AUTO, ctl, CTLFLAG_RD, 0, "CAM Target Layer");
357static int worker_threads = -1;
358TUNABLE_INT("kern.cam.ctl.worker_threads", &worker_threads);
359SYSCTL_INT(_kern_cam_ctl, OID_AUTO, worker_threads, CTLFLAG_RDTUN,
360    &worker_threads, 1, "Number of worker threads");
361static int ctl_debug = CTL_DEBUG_NONE;
362TUNABLE_INT("kern.cam.ctl.debug", &ctl_debug);
363SYSCTL_INT(_kern_cam_ctl, OID_AUTO, debug, CTLFLAG_RWTUN,
364    &ctl_debug, 0, "Enabled debug flags");
365
366/*
367 * Supported pages (0x00), Serial number (0x80), Device ID (0x83),
368 * Extended INQUIRY Data (0x86), Mode Page Policy (0x87),
369 * SCSI Ports (0x88), Third-party Copy (0x8F), Block limits (0xB0),
370 * Block Device Characteristics (0xB1) and Logical Block Provisioning (0xB2)
371 */
372#define SCSI_EVPD_NUM_SUPPORTED_PAGES	10
373
374static void ctl_isc_event_handler(ctl_ha_channel chanel, ctl_ha_event event,
375				  int param);
376static void ctl_copy_sense_data(union ctl_ha_msg *src, union ctl_io *dest);
377static void ctl_copy_sense_data_back(union ctl_io *src, union ctl_ha_msg *dest);
378static int ctl_init(void);
379void ctl_shutdown(void);
380static int ctl_open(struct cdev *dev, int flags, int fmt, struct thread *td);
381static int ctl_close(struct cdev *dev, int flags, int fmt, struct thread *td);
382static int ctl_serialize_other_sc_cmd(struct ctl_scsiio *ctsio);
383static void ctl_ioctl_fill_ooa(struct ctl_lun *lun, uint32_t *cur_fill_num,
384			      struct ctl_ooa *ooa_hdr,
385			      struct ctl_ooa_entry *kern_entries);
386static int ctl_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag,
387		     struct thread *td);
388static int ctl_alloc_lun(struct ctl_softc *ctl_softc, struct ctl_lun *lun,
389			 struct ctl_be_lun *be_lun);
390static int ctl_free_lun(struct ctl_lun *lun);
391static void ctl_create_lun(struct ctl_be_lun *be_lun);
392static struct ctl_port * ctl_io_port(struct ctl_io_hdr *io_hdr);
393
394static int ctl_do_mode_select(union ctl_io *io);
395static int ctl_pro_preempt(struct ctl_softc *softc, struct ctl_lun *lun,
396			   uint64_t res_key, uint64_t sa_res_key,
397			   uint8_t type, uint32_t residx,
398			   struct ctl_scsiio *ctsio,
399			   struct scsi_per_res_out *cdb,
400			   struct scsi_per_res_out_parms* param);
401static void ctl_pro_preempt_other(struct ctl_lun *lun,
402				  union ctl_ha_msg *msg);
403static void ctl_hndl_per_res_out_on_other_sc(union ctl_ha_msg *msg);
404static int ctl_inquiry_evpd_supported(struct ctl_scsiio *ctsio, int alloc_len);
405static int ctl_inquiry_evpd_serial(struct ctl_scsiio *ctsio, int alloc_len);
406static int ctl_inquiry_evpd_devid(struct ctl_scsiio *ctsio, int alloc_len);
407static int ctl_inquiry_evpd_eid(struct ctl_scsiio *ctsio, int alloc_len);
408static int ctl_inquiry_evpd_mpp(struct ctl_scsiio *ctsio, int alloc_len);
409static int ctl_inquiry_evpd_scsi_ports(struct ctl_scsiio *ctsio,
410					 int alloc_len);
411static int ctl_inquiry_evpd_block_limits(struct ctl_scsiio *ctsio,
412					 int alloc_len);
413static int ctl_inquiry_evpd_bdc(struct ctl_scsiio *ctsio, int alloc_len);
414static int ctl_inquiry_evpd_lbp(struct ctl_scsiio *ctsio, int alloc_len);
415static int ctl_inquiry_evpd(struct ctl_scsiio *ctsio);
416static int ctl_inquiry_std(struct ctl_scsiio *ctsio);
417static int ctl_get_lba_len(union ctl_io *io, uint64_t *lba, uint64_t *len);
418static ctl_action ctl_extent_check(union ctl_io *io1, union ctl_io *io2,
419    bool seq);
420static ctl_action ctl_extent_check_seq(union ctl_io *io1, union ctl_io *io2);
421static ctl_action ctl_check_for_blockage(struct ctl_lun *lun,
422    union ctl_io *pending_io, union ctl_io *ooa_io);
423static ctl_action ctl_check_ooa(struct ctl_lun *lun, union ctl_io *pending_io,
424				union ctl_io *starting_io);
425static int ctl_check_blocked(struct ctl_lun *lun);
426static int ctl_scsiio_lun_check(struct ctl_lun *lun,
427				const struct ctl_cmd_entry *entry,
428				struct ctl_scsiio *ctsio);
429static void ctl_failover_lun(union ctl_io *io);
430static int ctl_scsiio_precheck(struct ctl_softc *ctl_softc,
431			       struct ctl_scsiio *ctsio);
432static int ctl_scsiio(struct ctl_scsiio *ctsio);
433
434static int ctl_bus_reset(struct ctl_softc *ctl_softc, union ctl_io *io);
435static int ctl_target_reset(struct ctl_softc *ctl_softc, union ctl_io *io,
436			    ctl_ua_type ua_type);
437static int ctl_do_lun_reset(struct ctl_lun *lun, union ctl_io *io,
438			 ctl_ua_type ua_type);
439static int ctl_lun_reset(struct ctl_softc *ctl_softc, union ctl_io *io);
440static int ctl_abort_task(union ctl_io *io);
441static int ctl_abort_task_set(union ctl_io *io);
442static int ctl_query_task(union ctl_io *io, int task_set);
443static int ctl_i_t_nexus_reset(union ctl_io *io);
444static int ctl_query_async_event(union ctl_io *io);
445static void ctl_run_task(union ctl_io *io);
446#ifdef CTL_IO_DELAY
447static void ctl_datamove_timer_wakeup(void *arg);
448static void ctl_done_timer_wakeup(void *arg);
449#endif /* CTL_IO_DELAY */
450
451static void ctl_send_datamove_done(union ctl_io *io, int have_lock);
452static void ctl_datamove_remote_write_cb(struct ctl_ha_dt_req *rq);
453static int ctl_datamove_remote_dm_write_cb(union ctl_io *io);
454static void ctl_datamove_remote_write(union ctl_io *io);
455static int ctl_datamove_remote_dm_read_cb(union ctl_io *io);
456static void ctl_datamove_remote_read_cb(struct ctl_ha_dt_req *rq);
457static int ctl_datamove_remote_sgl_setup(union ctl_io *io);
458static int ctl_datamove_remote_xfer(union ctl_io *io, unsigned command,
459				    ctl_ha_dt_cb callback);
460static void ctl_datamove_remote_read(union ctl_io *io);
461static void ctl_datamove_remote(union ctl_io *io);
462static void ctl_process_done(union ctl_io *io);
463static void ctl_lun_thread(void *arg);
464static void ctl_thresh_thread(void *arg);
465static void ctl_work_thread(void *arg);
466static void ctl_enqueue_incoming(union ctl_io *io);
467static void ctl_enqueue_rtr(union ctl_io *io);
468static void ctl_enqueue_done(union ctl_io *io);
469static void ctl_enqueue_isc(union ctl_io *io);
470static const struct ctl_cmd_entry *
471    ctl_get_cmd_entry(struct ctl_scsiio *ctsio, int *sa);
472static const struct ctl_cmd_entry *
473    ctl_validate_command(struct ctl_scsiio *ctsio);
474static int ctl_cmd_applicable(uint8_t lun_type,
475    const struct ctl_cmd_entry *entry);
476
477static uint64_t ctl_get_prkey(struct ctl_lun *lun, uint32_t residx);
478static void ctl_clr_prkey(struct ctl_lun *lun, uint32_t residx);
479static void ctl_alloc_prkey(struct ctl_lun *lun, uint32_t residx);
480static void ctl_set_prkey(struct ctl_lun *lun, uint32_t residx, uint64_t key);
481
482/*
483 * Load the serialization table.  This isn't very pretty, but is probably
484 * the easiest way to do it.
485 */
486#include "ctl_ser_table.c"
487
488/*
489 * We only need to define open, close and ioctl routines for this driver.
490 */
491static struct cdevsw ctl_cdevsw = {
492	.d_version =	D_VERSION,
493	.d_flags =	0,
494	.d_open =	ctl_open,
495	.d_close =	ctl_close,
496	.d_ioctl =	ctl_ioctl,
497	.d_name =	"ctl",
498};
499
500
501MALLOC_DEFINE(M_CTL, "ctlmem", "Memory used for CTL");
502
503static int ctl_module_event_handler(module_t, int /*modeventtype_t*/, void *);
504
505static moduledata_t ctl_moduledata = {
506	"ctl",
507	ctl_module_event_handler,
508	NULL
509};
510
511DECLARE_MODULE(ctl, ctl_moduledata, SI_SUB_CONFIGURE, SI_ORDER_THIRD);
512MODULE_VERSION(ctl, 1);
513
514static struct ctl_frontend ha_frontend =
515{
516	.name = "ha",
517};
518
519static void
520ctl_ha_datamove(union ctl_io *io)
521{
522	struct ctl_lun *lun;
523	struct ctl_sg_entry *sgl;
524	union ctl_ha_msg msg;
525	uint32_t sg_entries_sent;
526	int do_sg_copy, i, j;
527
528	lun = (struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
529	memset(&msg.dt, 0, sizeof(msg.dt));
530	msg.hdr.msg_type = CTL_MSG_DATAMOVE;
531	msg.hdr.original_sc = io->io_hdr.original_sc;
532	msg.hdr.serializing_sc = io;
533	msg.hdr.nexus = io->io_hdr.nexus;
534	msg.hdr.status = io->io_hdr.status;
535	msg.dt.flags = io->io_hdr.flags;
536
537	/*
538	 * We convert everything into a S/G list here.  We can't
539	 * pass by reference, only by value between controllers.
540	 * So we can't pass a pointer to the S/G list, only as many
541	 * S/G entries as we can fit in here.  If it's possible for
542	 * us to get more than CTL_HA_MAX_SG_ENTRIES S/G entries,
543	 * then we need to break this up into multiple transfers.
544	 */
545	if (io->scsiio.kern_sg_entries == 0) {
546		msg.dt.kern_sg_entries = 1;
547#if 0
548		if (io->io_hdr.flags & CTL_FLAG_BUS_ADDR) {
549			msg.dt.sg_list[0].addr = io->scsiio.kern_data_ptr;
550		} else {
551			/* XXX KDM use busdma here! */
552			msg.dt.sg_list[0].addr =
553			    (void *)vtophys(io->scsiio.kern_data_ptr);
554		}
555#else
556		KASSERT((io->io_hdr.flags & CTL_FLAG_BUS_ADDR) == 0,
557		    ("HA does not support BUS_ADDR"));
558		msg.dt.sg_list[0].addr = io->scsiio.kern_data_ptr;
559#endif
560		msg.dt.sg_list[0].len = io->scsiio.kern_data_len;
561		do_sg_copy = 0;
562	} else {
563		msg.dt.kern_sg_entries = io->scsiio.kern_sg_entries;
564		do_sg_copy = 1;
565	}
566
567	msg.dt.kern_data_len = io->scsiio.kern_data_len;
568	msg.dt.kern_total_len = io->scsiio.kern_total_len;
569	msg.dt.kern_data_resid = io->scsiio.kern_data_resid;
570	msg.dt.kern_rel_offset = io->scsiio.kern_rel_offset;
571	msg.dt.sg_sequence = 0;
572
573	/*
574	 * Loop until we've sent all of the S/G entries.  On the
575	 * other end, we'll recompose these S/G entries into one
576	 * contiguous list before processing.
577	 */
578	for (sg_entries_sent = 0; sg_entries_sent < msg.dt.kern_sg_entries;
579	    msg.dt.sg_sequence++) {
580		msg.dt.cur_sg_entries = MIN((sizeof(msg.dt.sg_list) /
581		    sizeof(msg.dt.sg_list[0])),
582		    msg.dt.kern_sg_entries - sg_entries_sent);
583		if (do_sg_copy != 0) {
584			sgl = (struct ctl_sg_entry *)io->scsiio.kern_data_ptr;
585			for (i = sg_entries_sent, j = 0;
586			     i < msg.dt.cur_sg_entries; i++, j++) {
587#if 0
588				if (io->io_hdr.flags & CTL_FLAG_BUS_ADDR) {
589					msg.dt.sg_list[j].addr = sgl[i].addr;
590				} else {
591					/* XXX KDM use busdma here! */
592					msg.dt.sg_list[j].addr =
593					    (void *)vtophys(sgl[i].addr);
594				}
595#else
596				KASSERT((io->io_hdr.flags &
597				    CTL_FLAG_BUS_ADDR) == 0,
598				    ("HA does not support BUS_ADDR"));
599				msg.dt.sg_list[j].addr = sgl[i].addr;
600#endif
601				msg.dt.sg_list[j].len = sgl[i].len;
602			}
603		}
604
605		sg_entries_sent += msg.dt.cur_sg_entries;
606		msg.dt.sg_last = (sg_entries_sent >= msg.dt.kern_sg_entries);
607		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
608		    sizeof(msg.dt) - sizeof(msg.dt.sg_list) +
609		    sizeof(struct ctl_sg_entry) * msg.dt.cur_sg_entries,
610		    M_WAITOK) > CTL_HA_STATUS_SUCCESS) {
611			io->io_hdr.port_status = 31341;
612			io->scsiio.be_move_done(io);
613			return;
614		}
615		msg.dt.sent_sg_entries = sg_entries_sent;
616	}
617
618	/*
619	 * Officially handover the request from us to peer.
620	 * If failover has just happened, then we must return error.
621	 * If failover happen just after, then it is not our problem.
622	 */
623	if (lun)
624		mtx_lock(&lun->lun_lock);
625	if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
626		if (lun)
627			mtx_unlock(&lun->lun_lock);
628		io->io_hdr.port_status = 31342;
629		io->scsiio.be_move_done(io);
630		return;
631	}
632	io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
633	io->io_hdr.flags |= CTL_FLAG_DMA_INPROG;
634	if (lun)
635		mtx_unlock(&lun->lun_lock);
636}
637
638static void
639ctl_ha_done(union ctl_io *io)
640{
641	union ctl_ha_msg msg;
642
643	if (io->io_hdr.io_type == CTL_IO_SCSI) {
644		memset(&msg, 0, sizeof(msg));
645		msg.hdr.msg_type = CTL_MSG_FINISH_IO;
646		msg.hdr.original_sc = io->io_hdr.original_sc;
647		msg.hdr.nexus = io->io_hdr.nexus;
648		msg.hdr.status = io->io_hdr.status;
649		msg.scsi.scsi_status = io->scsiio.scsi_status;
650		msg.scsi.tag_num = io->scsiio.tag_num;
651		msg.scsi.tag_type = io->scsiio.tag_type;
652		msg.scsi.sense_len = io->scsiio.sense_len;
653		msg.scsi.sense_residual = io->scsiio.sense_residual;
654		msg.scsi.residual = io->scsiio.residual;
655		memcpy(&msg.scsi.sense_data, &io->scsiio.sense_data,
656		    io->scsiio.sense_len);
657		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
658		    sizeof(msg.scsi) - sizeof(msg.scsi.sense_data) +
659		    msg.scsi.sense_len, M_WAITOK);
660	}
661	ctl_free_io(io);
662}
663
664static void
665ctl_isc_handler_finish_xfer(struct ctl_softc *ctl_softc,
666			    union ctl_ha_msg *msg_info)
667{
668	struct ctl_scsiio *ctsio;
669
670	if (msg_info->hdr.original_sc == NULL) {
671		printf("%s: original_sc == NULL!\n", __func__);
672		/* XXX KDM now what? */
673		return;
674	}
675
676	ctsio = &msg_info->hdr.original_sc->scsiio;
677	ctsio->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
678	ctsio->io_hdr.msg_type = CTL_MSG_FINISH_IO;
679	ctsio->io_hdr.status = msg_info->hdr.status;
680	ctsio->scsi_status = msg_info->scsi.scsi_status;
681	ctsio->sense_len = msg_info->scsi.sense_len;
682	ctsio->sense_residual = msg_info->scsi.sense_residual;
683	ctsio->residual = msg_info->scsi.residual;
684	memcpy(&ctsio->sense_data, &msg_info->scsi.sense_data,
685	       msg_info->scsi.sense_len);
686	ctl_enqueue_isc((union ctl_io *)ctsio);
687}
688
689static void
690ctl_isc_handler_finish_ser_only(struct ctl_softc *ctl_softc,
691				union ctl_ha_msg *msg_info)
692{
693	struct ctl_scsiio *ctsio;
694
695	if (msg_info->hdr.serializing_sc == NULL) {
696		printf("%s: serializing_sc == NULL!\n", __func__);
697		/* XXX KDM now what? */
698		return;
699	}
700
701	ctsio = &msg_info->hdr.serializing_sc->scsiio;
702	ctsio->io_hdr.msg_type = CTL_MSG_FINISH_IO;
703	ctl_enqueue_isc((union ctl_io *)ctsio);
704}
705
706void
707ctl_isc_announce_lun(struct ctl_lun *lun)
708{
709	struct ctl_softc *softc = lun->ctl_softc;
710	union ctl_ha_msg *msg;
711	struct ctl_ha_msg_lun_pr_key pr_key;
712	int i, k;
713
714	if (softc->ha_link != CTL_HA_LINK_ONLINE)
715		return;
716	mtx_lock(&lun->lun_lock);
717	i = sizeof(msg->lun);
718	if (lun->lun_devid)
719		i += lun->lun_devid->len;
720	i += sizeof(pr_key) * lun->pr_key_count;
721alloc:
722	mtx_unlock(&lun->lun_lock);
723	msg = malloc(i, M_CTL, M_WAITOK);
724	mtx_lock(&lun->lun_lock);
725	k = sizeof(msg->lun);
726	if (lun->lun_devid)
727		k += lun->lun_devid->len;
728	k += sizeof(pr_key) * lun->pr_key_count;
729	if (i < k) {
730		free(msg, M_CTL);
731		i = k;
732		goto alloc;
733	}
734	bzero(&msg->lun, sizeof(msg->lun));
735	msg->hdr.msg_type = CTL_MSG_LUN_SYNC;
736	msg->hdr.nexus.targ_lun = lun->lun;
737	msg->hdr.nexus.targ_mapped_lun = lun->lun;
738	msg->lun.flags = lun->flags;
739	msg->lun.pr_generation = lun->PRGeneration;
740	msg->lun.pr_res_idx = lun->pr_res_idx;
741	msg->lun.pr_res_type = lun->res_type;
742	msg->lun.pr_key_count = lun->pr_key_count;
743	i = 0;
744	if (lun->lun_devid) {
745		msg->lun.lun_devid_len = lun->lun_devid->len;
746		memcpy(&msg->lun.data[i], lun->lun_devid->data,
747		    msg->lun.lun_devid_len);
748		i += msg->lun.lun_devid_len;
749	}
750	for (k = 0; k < CTL_MAX_INITIATORS; k++) {
751		if ((pr_key.pr_key = ctl_get_prkey(lun, k)) == 0)
752			continue;
753		pr_key.pr_iid = k;
754		memcpy(&msg->lun.data[i], &pr_key, sizeof(pr_key));
755		i += sizeof(pr_key);
756	}
757	mtx_unlock(&lun->lun_lock);
758	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg->port, sizeof(msg->port) + i,
759	    M_WAITOK);
760	free(msg, M_CTL);
761
762	if (lun->flags & CTL_LUN_PRIMARY_SC) {
763		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
764			ctl_isc_announce_mode(lun, -1,
765			    lun->mode_pages.index[i].page_code & SMPH_PC_MASK,
766			    lun->mode_pages.index[i].subpage);
767		}
768	}
769}
770
771void
772ctl_isc_announce_port(struct ctl_port *port)
773{
774	struct ctl_softc *softc = port->ctl_softc;
775	union ctl_ha_msg *msg;
776	int i;
777
778	if (port->targ_port < softc->port_min ||
779	    port->targ_port >= softc->port_max ||
780	    softc->ha_link != CTL_HA_LINK_ONLINE)
781		return;
782	i = sizeof(msg->port) + strlen(port->port_name) + 1;
783	if (port->lun_map)
784		i += sizeof(uint32_t) * CTL_MAX_LUNS;
785	if (port->port_devid)
786		i += port->port_devid->len;
787	if (port->target_devid)
788		i += port->target_devid->len;
789	if (port->init_devid)
790		i += port->init_devid->len;
791	msg = malloc(i, M_CTL, M_WAITOK);
792	bzero(&msg->port, sizeof(msg->port));
793	msg->hdr.msg_type = CTL_MSG_PORT_SYNC;
794	msg->hdr.nexus.targ_port = port->targ_port;
795	msg->port.port_type = port->port_type;
796	msg->port.physical_port = port->physical_port;
797	msg->port.virtual_port = port->virtual_port;
798	msg->port.status = port->status;
799	i = 0;
800	msg->port.name_len = sprintf(&msg->port.data[i],
801	    "%d:%s", softc->ha_id, port->port_name) + 1;
802	i += msg->port.name_len;
803	if (port->lun_map) {
804		msg->port.lun_map_len = sizeof(uint32_t) * CTL_MAX_LUNS;
805		memcpy(&msg->port.data[i], port->lun_map,
806		    msg->port.lun_map_len);
807		i += msg->port.lun_map_len;
808	}
809	if (port->port_devid) {
810		msg->port.port_devid_len = port->port_devid->len;
811		memcpy(&msg->port.data[i], port->port_devid->data,
812		    msg->port.port_devid_len);
813		i += msg->port.port_devid_len;
814	}
815	if (port->target_devid) {
816		msg->port.target_devid_len = port->target_devid->len;
817		memcpy(&msg->port.data[i], port->target_devid->data,
818		    msg->port.target_devid_len);
819		i += msg->port.target_devid_len;
820	}
821	if (port->init_devid) {
822		msg->port.init_devid_len = port->init_devid->len;
823		memcpy(&msg->port.data[i], port->init_devid->data,
824		    msg->port.init_devid_len);
825		i += msg->port.init_devid_len;
826	}
827	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg->port, sizeof(msg->port) + i,
828	    M_WAITOK);
829	free(msg, M_CTL);
830}
831
832void
833ctl_isc_announce_iid(struct ctl_port *port, int iid)
834{
835	struct ctl_softc *softc = port->ctl_softc;
836	union ctl_ha_msg *msg;
837	int i, l;
838
839	if (port->targ_port < softc->port_min ||
840	    port->targ_port >= softc->port_max ||
841	    softc->ha_link != CTL_HA_LINK_ONLINE)
842		return;
843	mtx_lock(&softc->ctl_lock);
844	i = sizeof(msg->iid);
845	l = 0;
846	if (port->wwpn_iid[iid].name)
847		l = strlen(port->wwpn_iid[iid].name) + 1;
848	i += l;
849	msg = malloc(i, M_CTL, M_NOWAIT);
850	if (msg == NULL) {
851		mtx_unlock(&softc->ctl_lock);
852		return;
853	}
854	bzero(&msg->iid, sizeof(msg->iid));
855	msg->hdr.msg_type = CTL_MSG_IID_SYNC;
856	msg->hdr.nexus.targ_port = port->targ_port;
857	msg->hdr.nexus.initid = iid;
858	msg->iid.in_use = port->wwpn_iid[iid].in_use;
859	msg->iid.name_len = l;
860	msg->iid.wwpn = port->wwpn_iid[iid].wwpn;
861	if (port->wwpn_iid[iid].name)
862		strlcpy(msg->iid.data, port->wwpn_iid[iid].name, l);
863	mtx_unlock(&softc->ctl_lock);
864	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg->iid, i, M_NOWAIT);
865	free(msg, M_CTL);
866}
867
868void
869ctl_isc_announce_mode(struct ctl_lun *lun, uint32_t initidx,
870    uint8_t page, uint8_t subpage)
871{
872	struct ctl_softc *softc = lun->ctl_softc;
873	union ctl_ha_msg msg;
874	int i;
875
876	if (softc->ha_link != CTL_HA_LINK_ONLINE)
877		return;
878	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
879		if ((lun->mode_pages.index[i].page_code & SMPH_PC_MASK) ==
880		    page && lun->mode_pages.index[i].subpage == subpage)
881			break;
882	}
883	if (i == CTL_NUM_MODE_PAGES)
884		return;
885	bzero(&msg.mode, sizeof(msg.mode));
886	msg.hdr.msg_type = CTL_MSG_MODE_SYNC;
887	msg.hdr.nexus.targ_port = initidx / CTL_MAX_INIT_PER_PORT;
888	msg.hdr.nexus.initid = initidx % CTL_MAX_INIT_PER_PORT;
889	msg.hdr.nexus.targ_lun = lun->lun;
890	msg.hdr.nexus.targ_mapped_lun = lun->lun;
891	msg.mode.page_code = page;
892	msg.mode.subpage = subpage;
893	msg.mode.page_len = lun->mode_pages.index[i].page_len;
894	memcpy(msg.mode.data, lun->mode_pages.index[i].page_data,
895	    msg.mode.page_len);
896	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg.mode, sizeof(msg.mode),
897	    M_WAITOK);
898}
899
900static void
901ctl_isc_ha_link_up(struct ctl_softc *softc)
902{
903	struct ctl_port *port;
904	struct ctl_lun *lun;
905	union ctl_ha_msg msg;
906	int i;
907
908	/* Announce this node parameters to peer for validation. */
909	msg.login.msg_type = CTL_MSG_LOGIN;
910	msg.login.version = CTL_HA_VERSION;
911	msg.login.ha_mode = softc->ha_mode;
912	msg.login.ha_id = softc->ha_id;
913	msg.login.max_luns = CTL_MAX_LUNS;
914	msg.login.max_ports = CTL_MAX_PORTS;
915	msg.login.max_init_per_port = CTL_MAX_INIT_PER_PORT;
916	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg.login, sizeof(msg.login),
917	    M_WAITOK);
918
919	STAILQ_FOREACH(port, &softc->port_list, links) {
920		ctl_isc_announce_port(port);
921		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
922			if (port->wwpn_iid[i].in_use)
923				ctl_isc_announce_iid(port, i);
924		}
925	}
926	STAILQ_FOREACH(lun, &softc->lun_list, links)
927		ctl_isc_announce_lun(lun);
928}
929
930static void
931ctl_isc_ha_link_down(struct ctl_softc *softc)
932{
933	struct ctl_port *port;
934	struct ctl_lun *lun;
935	union ctl_io *io;
936	int i;
937
938	mtx_lock(&softc->ctl_lock);
939	STAILQ_FOREACH(lun, &softc->lun_list, links) {
940		mtx_lock(&lun->lun_lock);
941		if (lun->flags & CTL_LUN_PEER_SC_PRIMARY) {
942			lun->flags &= ~CTL_LUN_PEER_SC_PRIMARY;
943			ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
944		}
945		mtx_unlock(&lun->lun_lock);
946
947		mtx_unlock(&softc->ctl_lock);
948		io = ctl_alloc_io(softc->othersc_pool);
949		mtx_lock(&softc->ctl_lock);
950		ctl_zero_io(io);
951		io->io_hdr.msg_type = CTL_MSG_FAILOVER;
952		io->io_hdr.nexus.targ_mapped_lun = lun->lun;
953		ctl_enqueue_isc(io);
954	}
955
956	STAILQ_FOREACH(port, &softc->port_list, links) {
957		if (port->targ_port >= softc->port_min &&
958		    port->targ_port < softc->port_max)
959			continue;
960		port->status &= ~CTL_PORT_STATUS_ONLINE;
961		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
962			port->wwpn_iid[i].in_use = 0;
963			free(port->wwpn_iid[i].name, M_CTL);
964			port->wwpn_iid[i].name = NULL;
965		}
966	}
967	mtx_unlock(&softc->ctl_lock);
968}
969
970static void
971ctl_isc_ua(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
972{
973	struct ctl_lun *lun;
974	uint32_t iid = ctl_get_initindex(&msg->hdr.nexus);
975
976	mtx_lock(&softc->ctl_lock);
977	if (msg->hdr.nexus.targ_lun < CTL_MAX_LUNS &&
978	    (lun = softc->ctl_luns[msg->hdr.nexus.targ_mapped_lun]) != NULL) {
979		mtx_lock(&lun->lun_lock);
980		mtx_unlock(&softc->ctl_lock);
981		if (msg->ua.ua_type == CTL_UA_THIN_PROV_THRES &&
982		    msg->ua.ua_set)
983			memcpy(lun->ua_tpt_info, msg->ua.ua_info, 8);
984		if (msg->ua.ua_all) {
985			if (msg->ua.ua_set)
986				ctl_est_ua_all(lun, iid, msg->ua.ua_type);
987			else
988				ctl_clr_ua_all(lun, iid, msg->ua.ua_type);
989		} else {
990			if (msg->ua.ua_set)
991				ctl_est_ua(lun, iid, msg->ua.ua_type);
992			else
993				ctl_clr_ua(lun, iid, msg->ua.ua_type);
994		}
995		mtx_unlock(&lun->lun_lock);
996	} else
997		mtx_unlock(&softc->ctl_lock);
998}
999
1000static void
1001ctl_isc_lun_sync(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
1002{
1003	struct ctl_lun *lun;
1004	struct ctl_ha_msg_lun_pr_key pr_key;
1005	int i, k;
1006	ctl_lun_flags oflags;
1007	uint32_t targ_lun;
1008
1009	targ_lun = msg->hdr.nexus.targ_mapped_lun;
1010	mtx_lock(&softc->ctl_lock);
1011	if ((targ_lun >= CTL_MAX_LUNS) ||
1012	    ((lun = softc->ctl_luns[targ_lun]) == NULL)) {
1013		mtx_unlock(&softc->ctl_lock);
1014		return;
1015	}
1016	mtx_lock(&lun->lun_lock);
1017	mtx_unlock(&softc->ctl_lock);
1018	if (lun->flags & CTL_LUN_DISABLED) {
1019		mtx_unlock(&lun->lun_lock);
1020		return;
1021	}
1022	i = (lun->lun_devid != NULL) ? lun->lun_devid->len : 0;
1023	if (msg->lun.lun_devid_len != i || (i > 0 &&
1024	    memcmp(&msg->lun.data[0], lun->lun_devid->data, i) != 0)) {
1025		mtx_unlock(&lun->lun_lock);
1026		printf("%s: Received conflicting HA LUN %d\n",
1027		    __func__, msg->hdr.nexus.targ_lun);
1028		return;
1029	} else {
1030		/* Record whether peer is primary. */
1031		oflags = lun->flags;
1032		if ((msg->lun.flags & CTL_LUN_PRIMARY_SC) &&
1033		    (msg->lun.flags & CTL_LUN_DISABLED) == 0)
1034			lun->flags |= CTL_LUN_PEER_SC_PRIMARY;
1035		else
1036			lun->flags &= ~CTL_LUN_PEER_SC_PRIMARY;
1037		if (oflags != lun->flags)
1038			ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
1039
1040		/* If peer is primary and we are not -- use data */
1041		if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0 &&
1042		    (lun->flags & CTL_LUN_PEER_SC_PRIMARY)) {
1043			lun->PRGeneration = msg->lun.pr_generation;
1044			lun->pr_res_idx = msg->lun.pr_res_idx;
1045			lun->res_type = msg->lun.pr_res_type;
1046			lun->pr_key_count = msg->lun.pr_key_count;
1047			for (k = 0; k < CTL_MAX_INITIATORS; k++)
1048				ctl_clr_prkey(lun, k);
1049			for (k = 0; k < msg->lun.pr_key_count; k++) {
1050				memcpy(&pr_key, &msg->lun.data[i],
1051				    sizeof(pr_key));
1052				ctl_alloc_prkey(lun, pr_key.pr_iid);
1053				ctl_set_prkey(lun, pr_key.pr_iid,
1054				    pr_key.pr_key);
1055				i += sizeof(pr_key);
1056			}
1057		}
1058
1059		mtx_unlock(&lun->lun_lock);
1060		CTL_DEBUG_PRINT(("%s: Known LUN %d, peer is %s\n",
1061		    __func__, msg->hdr.nexus.targ_lun,
1062		    (msg->lun.flags & CTL_LUN_PRIMARY_SC) ?
1063		    "primary" : "secondary"));
1064
1065		/* If we are primary but peer doesn't know -- notify */
1066		if ((lun->flags & CTL_LUN_PRIMARY_SC) &&
1067		    (msg->lun.flags & CTL_LUN_PEER_SC_PRIMARY) == 0)
1068			ctl_isc_announce_lun(lun);
1069	}
1070}
1071
1072static void
1073ctl_isc_port_sync(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
1074{
1075	struct ctl_port *port;
1076	struct ctl_lun *lun;
1077	int i, new;
1078
1079	port = softc->ctl_ports[msg->hdr.nexus.targ_port];
1080	if (port == NULL) {
1081		CTL_DEBUG_PRINT(("%s: New port %d\n", __func__,
1082		    msg->hdr.nexus.targ_port));
1083		new = 1;
1084		port = malloc(sizeof(*port), M_CTL, M_WAITOK | M_ZERO);
1085		port->frontend = &ha_frontend;
1086		port->targ_port = msg->hdr.nexus.targ_port;
1087		port->fe_datamove = ctl_ha_datamove;
1088		port->fe_done = ctl_ha_done;
1089	} else if (port->frontend == &ha_frontend) {
1090		CTL_DEBUG_PRINT(("%s: Updated port %d\n", __func__,
1091		    msg->hdr.nexus.targ_port));
1092		new = 0;
1093	} else {
1094		printf("%s: Received conflicting HA port %d\n",
1095		    __func__, msg->hdr.nexus.targ_port);
1096		return;
1097	}
1098	port->port_type = msg->port.port_type;
1099	port->physical_port = msg->port.physical_port;
1100	port->virtual_port = msg->port.virtual_port;
1101	port->status = msg->port.status;
1102	i = 0;
1103	free(port->port_name, M_CTL);
1104	port->port_name = strndup(&msg->port.data[i], msg->port.name_len,
1105	    M_CTL);
1106	i += msg->port.name_len;
1107	if (msg->port.lun_map_len != 0) {
1108		if (port->lun_map == NULL)
1109			port->lun_map = malloc(sizeof(uint32_t) * CTL_MAX_LUNS,
1110			    M_CTL, M_WAITOK);
1111		memcpy(port->lun_map, &msg->port.data[i],
1112		    sizeof(uint32_t) * CTL_MAX_LUNS);
1113		i += msg->port.lun_map_len;
1114	} else {
1115		free(port->lun_map, M_CTL);
1116		port->lun_map = NULL;
1117	}
1118	if (msg->port.port_devid_len != 0) {
1119		if (port->port_devid == NULL ||
1120		    port->port_devid->len != msg->port.port_devid_len) {
1121			free(port->port_devid, M_CTL);
1122			port->port_devid = malloc(sizeof(struct ctl_devid) +
1123			    msg->port.port_devid_len, M_CTL, M_WAITOK);
1124		}
1125		memcpy(port->port_devid->data, &msg->port.data[i],
1126		    msg->port.port_devid_len);
1127		port->port_devid->len = msg->port.port_devid_len;
1128		i += msg->port.port_devid_len;
1129	} else {
1130		free(port->port_devid, M_CTL);
1131		port->port_devid = NULL;
1132	}
1133	if (msg->port.target_devid_len != 0) {
1134		if (port->target_devid == NULL ||
1135		    port->target_devid->len != msg->port.target_devid_len) {
1136			free(port->target_devid, M_CTL);
1137			port->target_devid = malloc(sizeof(struct ctl_devid) +
1138			    msg->port.target_devid_len, M_CTL, M_WAITOK);
1139		}
1140		memcpy(port->target_devid->data, &msg->port.data[i],
1141		    msg->port.target_devid_len);
1142		port->target_devid->len = msg->port.target_devid_len;
1143		i += msg->port.target_devid_len;
1144	} else {
1145		free(port->target_devid, M_CTL);
1146		port->target_devid = NULL;
1147	}
1148	if (msg->port.init_devid_len != 0) {
1149		if (port->init_devid == NULL ||
1150		    port->init_devid->len != msg->port.init_devid_len) {
1151			free(port->init_devid, M_CTL);
1152			port->init_devid = malloc(sizeof(struct ctl_devid) +
1153			    msg->port.init_devid_len, M_CTL, M_WAITOK);
1154		}
1155		memcpy(port->init_devid->data, &msg->port.data[i],
1156		    msg->port.init_devid_len);
1157		port->init_devid->len = msg->port.init_devid_len;
1158		i += msg->port.init_devid_len;
1159	} else {
1160		free(port->init_devid, M_CTL);
1161		port->init_devid = NULL;
1162	}
1163	if (new) {
1164		if (ctl_port_register(port) != 0) {
1165			printf("%s: ctl_port_register() failed with error\n",
1166			    __func__);
1167		}
1168	}
1169	mtx_lock(&softc->ctl_lock);
1170	STAILQ_FOREACH(lun, &softc->lun_list, links) {
1171		if (ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
1172			continue;
1173		mtx_lock(&lun->lun_lock);
1174		ctl_est_ua_all(lun, -1, CTL_UA_INQ_CHANGE);
1175		mtx_unlock(&lun->lun_lock);
1176	}
1177	mtx_unlock(&softc->ctl_lock);
1178}
1179
1180static void
1181ctl_isc_iid_sync(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
1182{
1183	struct ctl_port *port;
1184	int iid;
1185
1186	port = softc->ctl_ports[msg->hdr.nexus.targ_port];
1187	if (port == NULL) {
1188		printf("%s: Received IID for unknown port %d\n",
1189		    __func__, msg->hdr.nexus.targ_port);
1190		return;
1191	}
1192	iid = msg->hdr.nexus.initid;
1193	port->wwpn_iid[iid].in_use = msg->iid.in_use;
1194	port->wwpn_iid[iid].wwpn = msg->iid.wwpn;
1195	free(port->wwpn_iid[iid].name, M_CTL);
1196	if (msg->iid.name_len) {
1197		port->wwpn_iid[iid].name = strndup(&msg->iid.data[0],
1198		    msg->iid.name_len, M_CTL);
1199	} else
1200		port->wwpn_iid[iid].name = NULL;
1201}
1202
1203static void
1204ctl_isc_login(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
1205{
1206
1207	if (msg->login.version != CTL_HA_VERSION) {
1208		printf("CTL HA peers have different versions %d != %d\n",
1209		    msg->login.version, CTL_HA_VERSION);
1210		ctl_ha_msg_abort(CTL_HA_CHAN_CTL);
1211		return;
1212	}
1213	if (msg->login.ha_mode != softc->ha_mode) {
1214		printf("CTL HA peers have different ha_mode %d != %d\n",
1215		    msg->login.ha_mode, softc->ha_mode);
1216		ctl_ha_msg_abort(CTL_HA_CHAN_CTL);
1217		return;
1218	}
1219	if (msg->login.ha_id == softc->ha_id) {
1220		printf("CTL HA peers have same ha_id %d\n", msg->login.ha_id);
1221		ctl_ha_msg_abort(CTL_HA_CHAN_CTL);
1222		return;
1223	}
1224	if (msg->login.max_luns != CTL_MAX_LUNS ||
1225	    msg->login.max_ports != CTL_MAX_PORTS ||
1226	    msg->login.max_init_per_port != CTL_MAX_INIT_PER_PORT) {
1227		printf("CTL HA peers have different limits\n");
1228		ctl_ha_msg_abort(CTL_HA_CHAN_CTL);
1229		return;
1230	}
1231}
1232
1233static void
1234ctl_isc_mode_sync(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
1235{
1236	struct ctl_lun *lun;
1237	int i;
1238	uint32_t initidx, targ_lun;
1239
1240	targ_lun = msg->hdr.nexus.targ_mapped_lun;
1241	mtx_lock(&softc->ctl_lock);
1242	if ((targ_lun >= CTL_MAX_LUNS) ||
1243	    ((lun = softc->ctl_luns[targ_lun]) == NULL)) {
1244		mtx_unlock(&softc->ctl_lock);
1245		return;
1246	}
1247	mtx_lock(&lun->lun_lock);
1248	mtx_unlock(&softc->ctl_lock);
1249	if (lun->flags & CTL_LUN_DISABLED) {
1250		mtx_unlock(&lun->lun_lock);
1251		return;
1252	}
1253	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
1254		if ((lun->mode_pages.index[i].page_code & SMPH_PC_MASK) ==
1255		    msg->mode.page_code &&
1256		    lun->mode_pages.index[i].subpage == msg->mode.subpage)
1257			break;
1258	}
1259	if (i == CTL_NUM_MODE_PAGES) {
1260		mtx_unlock(&lun->lun_lock);
1261		return;
1262	}
1263	memcpy(lun->mode_pages.index[i].page_data, msg->mode.data,
1264	    lun->mode_pages.index[i].page_len);
1265	initidx = ctl_get_initindex(&msg->hdr.nexus);
1266	if (initidx != -1)
1267		ctl_est_ua_all(lun, initidx, CTL_UA_MODE_CHANGE);
1268	mtx_unlock(&lun->lun_lock);
1269}
1270
1271/*
1272 * ISC (Inter Shelf Communication) event handler.  Events from the HA
1273 * subsystem come in here.
1274 */
1275static void
1276ctl_isc_event_handler(ctl_ha_channel channel, ctl_ha_event event, int param)
1277{
1278	struct ctl_softc *softc = control_softc;
1279	union ctl_io *io;
1280	struct ctl_prio *presio;
1281	ctl_ha_status isc_status;
1282
1283	CTL_DEBUG_PRINT(("CTL: Isc Msg event %d\n", event));
1284	if (event == CTL_HA_EVT_MSG_RECV) {
1285		union ctl_ha_msg *msg, msgbuf;
1286
1287		if (param > sizeof(msgbuf))
1288			msg = malloc(param, M_CTL, M_WAITOK);
1289		else
1290			msg = &msgbuf;
1291		isc_status = ctl_ha_msg_recv(CTL_HA_CHAN_CTL, msg, param,
1292		    M_WAITOK);
1293		if (isc_status != CTL_HA_STATUS_SUCCESS) {
1294			printf("%s: Error receiving message: %d\n",
1295			    __func__, isc_status);
1296			if (msg != &msgbuf)
1297				free(msg, M_CTL);
1298			return;
1299		}
1300
1301		CTL_DEBUG_PRINT(("CTL: msg_type %d\n", msg->msg_type));
1302		switch (msg->hdr.msg_type) {
1303		case CTL_MSG_SERIALIZE:
1304			io = ctl_alloc_io(softc->othersc_pool);
1305			ctl_zero_io(io);
1306			// populate ctsio from msg
1307			io->io_hdr.io_type = CTL_IO_SCSI;
1308			io->io_hdr.msg_type = CTL_MSG_SERIALIZE;
1309			io->io_hdr.original_sc = msg->hdr.original_sc;
1310			io->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC |
1311					    CTL_FLAG_IO_ACTIVE;
1312			/*
1313			 * If we're in serialization-only mode, we don't
1314			 * want to go through full done processing.  Thus
1315			 * the COPY flag.
1316			 *
1317			 * XXX KDM add another flag that is more specific.
1318			 */
1319			if (softc->ha_mode != CTL_HA_MODE_XFER)
1320				io->io_hdr.flags |= CTL_FLAG_INT_COPY;
1321			io->io_hdr.nexus = msg->hdr.nexus;
1322#if 0
1323			printf("port %u, iid %u, lun %u\n",
1324			       io->io_hdr.nexus.targ_port,
1325			       io->io_hdr.nexus.initid,
1326			       io->io_hdr.nexus.targ_lun);
1327#endif
1328			io->scsiio.tag_num = msg->scsi.tag_num;
1329			io->scsiio.tag_type = msg->scsi.tag_type;
1330#ifdef CTL_TIME_IO
1331			io->io_hdr.start_time = time_uptime;
1332			getbinuptime(&io->io_hdr.start_bt);
1333#endif /* CTL_TIME_IO */
1334			io->scsiio.cdb_len = msg->scsi.cdb_len;
1335			memcpy(io->scsiio.cdb, msg->scsi.cdb,
1336			       CTL_MAX_CDBLEN);
1337			if (softc->ha_mode == CTL_HA_MODE_XFER) {
1338				const struct ctl_cmd_entry *entry;
1339
1340				entry = ctl_get_cmd_entry(&io->scsiio, NULL);
1341				io->io_hdr.flags &= ~CTL_FLAG_DATA_MASK;
1342				io->io_hdr.flags |=
1343					entry->flags & CTL_FLAG_DATA_MASK;
1344			}
1345			ctl_enqueue_isc(io);
1346			break;
1347
1348		/* Performed on the Originating SC, XFER mode only */
1349		case CTL_MSG_DATAMOVE: {
1350			struct ctl_sg_entry *sgl;
1351			int i, j;
1352
1353			io = msg->hdr.original_sc;
1354			if (io == NULL) {
1355				printf("%s: original_sc == NULL!\n", __func__);
1356				/* XXX KDM do something here */
1357				break;
1358			}
1359			io->io_hdr.msg_type = CTL_MSG_DATAMOVE;
1360			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1361			/*
1362			 * Keep track of this, we need to send it back over
1363			 * when the datamove is complete.
1364			 */
1365			io->io_hdr.serializing_sc = msg->hdr.serializing_sc;
1366			if (msg->hdr.status == CTL_SUCCESS)
1367				io->io_hdr.status = msg->hdr.status;
1368
1369			if (msg->dt.sg_sequence == 0) {
1370#ifdef CTL_TIME_IO
1371				getbinuptime(&io->io_hdr.dma_start_bt);
1372#endif
1373				i = msg->dt.kern_sg_entries +
1374				    msg->dt.kern_data_len /
1375				    CTL_HA_DATAMOVE_SEGMENT + 1;
1376				sgl = malloc(sizeof(*sgl) * i, M_CTL,
1377				    M_WAITOK | M_ZERO);
1378				io->io_hdr.remote_sglist = sgl;
1379				io->io_hdr.local_sglist =
1380				    &sgl[msg->dt.kern_sg_entries];
1381
1382				io->scsiio.kern_data_ptr = (uint8_t *)sgl;
1383
1384				io->scsiio.kern_sg_entries =
1385					msg->dt.kern_sg_entries;
1386				io->scsiio.rem_sg_entries =
1387					msg->dt.kern_sg_entries;
1388				io->scsiio.kern_data_len =
1389					msg->dt.kern_data_len;
1390				io->scsiio.kern_total_len =
1391					msg->dt.kern_total_len;
1392				io->scsiio.kern_data_resid =
1393					msg->dt.kern_data_resid;
1394				io->scsiio.kern_rel_offset =
1395					msg->dt.kern_rel_offset;
1396				io->io_hdr.flags &= ~CTL_FLAG_BUS_ADDR;
1397				io->io_hdr.flags |= msg->dt.flags &
1398				    CTL_FLAG_BUS_ADDR;
1399			} else
1400				sgl = (struct ctl_sg_entry *)
1401					io->scsiio.kern_data_ptr;
1402
1403			for (i = msg->dt.sent_sg_entries, j = 0;
1404			     i < (msg->dt.sent_sg_entries +
1405			     msg->dt.cur_sg_entries); i++, j++) {
1406				sgl[i].addr = msg->dt.sg_list[j].addr;
1407				sgl[i].len = msg->dt.sg_list[j].len;
1408
1409#if 0
1410				printf("%s: DATAMOVE: %p,%lu j=%d, i=%d\n",
1411				    __func__, sgl[i].addr, sgl[i].len, j, i);
1412#endif
1413			}
1414
1415			/*
1416			 * If this is the last piece of the I/O, we've got
1417			 * the full S/G list.  Queue processing in the thread.
1418			 * Otherwise wait for the next piece.
1419			 */
1420			if (msg->dt.sg_last != 0)
1421				ctl_enqueue_isc(io);
1422			break;
1423		}
1424		/* Performed on the Serializing (primary) SC, XFER mode only */
1425		case CTL_MSG_DATAMOVE_DONE: {
1426			if (msg->hdr.serializing_sc == NULL) {
1427				printf("%s: serializing_sc == NULL!\n",
1428				       __func__);
1429				/* XXX KDM now what? */
1430				break;
1431			}
1432			/*
1433			 * We grab the sense information here in case
1434			 * there was a failure, so we can return status
1435			 * back to the initiator.
1436			 */
1437			io = msg->hdr.serializing_sc;
1438			io->io_hdr.msg_type = CTL_MSG_DATAMOVE_DONE;
1439			io->io_hdr.flags &= ~CTL_FLAG_DMA_INPROG;
1440			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1441			io->io_hdr.port_status = msg->scsi.fetd_status;
1442			io->scsiio.residual = msg->scsi.residual;
1443			if (msg->hdr.status != CTL_STATUS_NONE) {
1444				io->io_hdr.status = msg->hdr.status;
1445				io->scsiio.scsi_status = msg->scsi.scsi_status;
1446				io->scsiio.sense_len = msg->scsi.sense_len;
1447				io->scsiio.sense_residual =msg->scsi.sense_residual;
1448				memcpy(&io->scsiio.sense_data,
1449				    &msg->scsi.sense_data,
1450				    msg->scsi.sense_len);
1451				if (msg->hdr.status == CTL_SUCCESS)
1452					io->io_hdr.flags |= CTL_FLAG_STATUS_SENT;
1453			}
1454			ctl_enqueue_isc(io);
1455			break;
1456		}
1457
1458		/* Preformed on Originating SC, SER_ONLY mode */
1459		case CTL_MSG_R2R:
1460			io = msg->hdr.original_sc;
1461			if (io == NULL) {
1462				printf("%s: original_sc == NULL!\n",
1463				    __func__);
1464				break;
1465			}
1466			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1467			io->io_hdr.msg_type = CTL_MSG_R2R;
1468			io->io_hdr.serializing_sc = msg->hdr.serializing_sc;
1469			ctl_enqueue_isc(io);
1470			break;
1471
1472		/*
1473		 * Performed on Serializing(i.e. primary SC) SC in SER_ONLY
1474		 * mode.
1475		 * Performed on the Originating (i.e. secondary) SC in XFER
1476		 * mode
1477		 */
1478		case CTL_MSG_FINISH_IO:
1479			if (softc->ha_mode == CTL_HA_MODE_XFER)
1480				ctl_isc_handler_finish_xfer(softc, msg);
1481			else
1482				ctl_isc_handler_finish_ser_only(softc, msg);
1483			break;
1484
1485		/* Preformed on Originating SC */
1486		case CTL_MSG_BAD_JUJU:
1487			io = msg->hdr.original_sc;
1488			if (io == NULL) {
1489				printf("%s: Bad JUJU!, original_sc is NULL!\n",
1490				       __func__);
1491				break;
1492			}
1493			ctl_copy_sense_data(msg, io);
1494			/*
1495			 * IO should have already been cleaned up on other
1496			 * SC so clear this flag so we won't send a message
1497			 * back to finish the IO there.
1498			 */
1499			io->io_hdr.flags &= ~CTL_FLAG_SENT_2OTHER_SC;
1500			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1501
1502			/* io = msg->hdr.serializing_sc; */
1503			io->io_hdr.msg_type = CTL_MSG_BAD_JUJU;
1504			ctl_enqueue_isc(io);
1505			break;
1506
1507		/* Handle resets sent from the other side */
1508		case CTL_MSG_MANAGE_TASKS: {
1509			struct ctl_taskio *taskio;
1510			taskio = (struct ctl_taskio *)ctl_alloc_io(
1511			    softc->othersc_pool);
1512			ctl_zero_io((union ctl_io *)taskio);
1513			taskio->io_hdr.io_type = CTL_IO_TASK;
1514			taskio->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC;
1515			taskio->io_hdr.nexus = msg->hdr.nexus;
1516			taskio->task_action = msg->task.task_action;
1517			taskio->tag_num = msg->task.tag_num;
1518			taskio->tag_type = msg->task.tag_type;
1519#ifdef CTL_TIME_IO
1520			taskio->io_hdr.start_time = time_uptime;
1521			getbinuptime(&taskio->io_hdr.start_bt);
1522#endif /* CTL_TIME_IO */
1523			ctl_run_task((union ctl_io *)taskio);
1524			break;
1525		}
1526		/* Persistent Reserve action which needs attention */
1527		case CTL_MSG_PERS_ACTION:
1528			presio = (struct ctl_prio *)ctl_alloc_io(
1529			    softc->othersc_pool);
1530			ctl_zero_io((union ctl_io *)presio);
1531			presio->io_hdr.msg_type = CTL_MSG_PERS_ACTION;
1532			presio->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC;
1533			presio->io_hdr.nexus = msg->hdr.nexus;
1534			presio->pr_msg = msg->pr;
1535			ctl_enqueue_isc((union ctl_io *)presio);
1536			break;
1537		case CTL_MSG_UA:
1538			ctl_isc_ua(softc, msg, param);
1539			break;
1540		case CTL_MSG_PORT_SYNC:
1541			ctl_isc_port_sync(softc, msg, param);
1542			break;
1543		case CTL_MSG_LUN_SYNC:
1544			ctl_isc_lun_sync(softc, msg, param);
1545			break;
1546		case CTL_MSG_IID_SYNC:
1547			ctl_isc_iid_sync(softc, msg, param);
1548			break;
1549		case CTL_MSG_LOGIN:
1550			ctl_isc_login(softc, msg, param);
1551			break;
1552		case CTL_MSG_MODE_SYNC:
1553			ctl_isc_mode_sync(softc, msg, param);
1554			break;
1555		default:
1556			printf("Received HA message of unknown type %d\n",
1557			    msg->hdr.msg_type);
1558			ctl_ha_msg_abort(CTL_HA_CHAN_CTL);
1559			break;
1560		}
1561		if (msg != &msgbuf)
1562			free(msg, M_CTL);
1563	} else if (event == CTL_HA_EVT_LINK_CHANGE) {
1564		printf("CTL: HA link status changed from %d to %d\n",
1565		    softc->ha_link, param);
1566		if (param == softc->ha_link)
1567			return;
1568		if (softc->ha_link == CTL_HA_LINK_ONLINE) {
1569			softc->ha_link = param;
1570			ctl_isc_ha_link_down(softc);
1571		} else {
1572			softc->ha_link = param;
1573			if (softc->ha_link == CTL_HA_LINK_ONLINE)
1574				ctl_isc_ha_link_up(softc);
1575		}
1576		return;
1577	} else {
1578		printf("ctl_isc_event_handler: Unknown event %d\n", event);
1579		return;
1580	}
1581}
1582
1583static void
1584ctl_copy_sense_data(union ctl_ha_msg *src, union ctl_io *dest)
1585{
1586
1587	memcpy(&dest->scsiio.sense_data, &src->scsi.sense_data,
1588	    src->scsi.sense_len);
1589	dest->scsiio.scsi_status = src->scsi.scsi_status;
1590	dest->scsiio.sense_len = src->scsi.sense_len;
1591	dest->io_hdr.status = src->hdr.status;
1592}
1593
1594static void
1595ctl_copy_sense_data_back(union ctl_io *src, union ctl_ha_msg *dest)
1596{
1597
1598	memcpy(&dest->scsi.sense_data, &src->scsiio.sense_data,
1599	    src->scsiio.sense_len);
1600	dest->scsi.scsi_status = src->scsiio.scsi_status;
1601	dest->scsi.sense_len = src->scsiio.sense_len;
1602	dest->hdr.status = src->io_hdr.status;
1603}
1604
1605void
1606ctl_est_ua(struct ctl_lun *lun, uint32_t initidx, ctl_ua_type ua)
1607{
1608	struct ctl_softc *softc = lun->ctl_softc;
1609	ctl_ua_type *pu;
1610
1611	if (initidx < softc->init_min || initidx >= softc->init_max)
1612		return;
1613	mtx_assert(&lun->lun_lock, MA_OWNED);
1614	pu = lun->pending_ua[initidx / CTL_MAX_INIT_PER_PORT];
1615	if (pu == NULL)
1616		return;
1617	pu[initidx % CTL_MAX_INIT_PER_PORT] |= ua;
1618}
1619
1620void
1621ctl_est_ua_port(struct ctl_lun *lun, int port, uint32_t except, ctl_ua_type ua)
1622{
1623	int i;
1624
1625	mtx_assert(&lun->lun_lock, MA_OWNED);
1626	if (lun->pending_ua[port] == NULL)
1627		return;
1628	for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1629		if (port * CTL_MAX_INIT_PER_PORT + i == except)
1630			continue;
1631		lun->pending_ua[port][i] |= ua;
1632	}
1633}
1634
1635void
1636ctl_est_ua_all(struct ctl_lun *lun, uint32_t except, ctl_ua_type ua)
1637{
1638	struct ctl_softc *softc = lun->ctl_softc;
1639	int i;
1640
1641	mtx_assert(&lun->lun_lock, MA_OWNED);
1642	for (i = softc->port_min; i < softc->port_max; i++)
1643		ctl_est_ua_port(lun, i, except, ua);
1644}
1645
1646void
1647ctl_clr_ua(struct ctl_lun *lun, uint32_t initidx, ctl_ua_type ua)
1648{
1649	struct ctl_softc *softc = lun->ctl_softc;
1650	ctl_ua_type *pu;
1651
1652	if (initidx < softc->init_min || initidx >= softc->init_max)
1653		return;
1654	mtx_assert(&lun->lun_lock, MA_OWNED);
1655	pu = lun->pending_ua[initidx / CTL_MAX_INIT_PER_PORT];
1656	if (pu == NULL)
1657		return;
1658	pu[initidx % CTL_MAX_INIT_PER_PORT] &= ~ua;
1659}
1660
1661void
1662ctl_clr_ua_all(struct ctl_lun *lun, uint32_t except, ctl_ua_type ua)
1663{
1664	struct ctl_softc *softc = lun->ctl_softc;
1665	int i, j;
1666
1667	mtx_assert(&lun->lun_lock, MA_OWNED);
1668	for (i = softc->port_min; i < softc->port_max; i++) {
1669		if (lun->pending_ua[i] == NULL)
1670			continue;
1671		for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
1672			if (i * CTL_MAX_INIT_PER_PORT + j == except)
1673				continue;
1674			lun->pending_ua[i][j] &= ~ua;
1675		}
1676	}
1677}
1678
1679void
1680ctl_clr_ua_allluns(struct ctl_softc *ctl_softc, uint32_t initidx,
1681    ctl_ua_type ua_type)
1682{
1683	struct ctl_lun *lun;
1684
1685	mtx_assert(&ctl_softc->ctl_lock, MA_OWNED);
1686	STAILQ_FOREACH(lun, &ctl_softc->lun_list, links) {
1687		mtx_lock(&lun->lun_lock);
1688		ctl_clr_ua(lun, initidx, ua_type);
1689		mtx_unlock(&lun->lun_lock);
1690	}
1691}
1692
1693static int
1694ctl_ha_role_sysctl(SYSCTL_HANDLER_ARGS)
1695{
1696	struct ctl_softc *softc = (struct ctl_softc *)arg1;
1697	struct ctl_lun *lun;
1698	struct ctl_lun_req ireq;
1699	int error, value;
1700
1701	value = (softc->flags & CTL_FLAG_ACTIVE_SHELF) ? 0 : 1;
1702	error = sysctl_handle_int(oidp, &value, 0, req);
1703	if ((error != 0) || (req->newptr == NULL))
1704		return (error);
1705
1706	mtx_lock(&softc->ctl_lock);
1707	if (value == 0)
1708		softc->flags |= CTL_FLAG_ACTIVE_SHELF;
1709	else
1710		softc->flags &= ~CTL_FLAG_ACTIVE_SHELF;
1711	STAILQ_FOREACH(lun, &softc->lun_list, links) {
1712		mtx_unlock(&softc->ctl_lock);
1713		bzero(&ireq, sizeof(ireq));
1714		ireq.reqtype = CTL_LUNREQ_MODIFY;
1715		ireq.reqdata.modify.lun_id = lun->lun;
1716		lun->backend->ioctl(NULL, CTL_LUN_REQ, (caddr_t)&ireq, 0,
1717		    curthread);
1718		if (ireq.status != CTL_LUN_OK) {
1719			printf("%s: CTL_LUNREQ_MODIFY returned %d '%s'\n",
1720			    __func__, ireq.status, ireq.error_str);
1721		}
1722		mtx_lock(&softc->ctl_lock);
1723	}
1724	mtx_unlock(&softc->ctl_lock);
1725	return (0);
1726}
1727
1728static int
1729ctl_init(void)
1730{
1731	struct ctl_softc *softc;
1732	void *other_pool;
1733	int i, error;
1734
1735	softc = control_softc = malloc(sizeof(*control_softc), M_DEVBUF,
1736			       M_WAITOK | M_ZERO);
1737
1738	softc->dev = make_dev(&ctl_cdevsw, 0, UID_ROOT, GID_OPERATOR, 0600,
1739			      "cam/ctl");
1740	softc->dev->si_drv1 = softc;
1741
1742	sysctl_ctx_init(&softc->sysctl_ctx);
1743	softc->sysctl_tree = SYSCTL_ADD_NODE(&softc->sysctl_ctx,
1744		SYSCTL_STATIC_CHILDREN(_kern_cam), OID_AUTO, "ctl",
1745		CTLFLAG_RD, 0, "CAM Target Layer");
1746
1747	if (softc->sysctl_tree == NULL) {
1748		printf("%s: unable to allocate sysctl tree\n", __func__);
1749		destroy_dev(softc->dev);
1750		free(control_softc, M_DEVBUF);
1751		control_softc = NULL;
1752		return (ENOMEM);
1753	}
1754
1755	mtx_init(&softc->ctl_lock, "CTL mutex", NULL, MTX_DEF);
1756	softc->io_zone = uma_zcreate("CTL IO", sizeof(union ctl_io),
1757	    NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0);
1758	softc->flags = 0;
1759
1760	SYSCTL_ADD_INT(&softc->sysctl_ctx, SYSCTL_CHILDREN(softc->sysctl_tree),
1761	    OID_AUTO, "ha_mode", CTLFLAG_RDTUN, (int *)&softc->ha_mode, 0,
1762	    "HA mode (0 - act/stby, 1 - serialize only, 2 - xfer)");
1763
1764	/*
1765	 * In Copan's HA scheme, the "master" and "slave" roles are
1766	 * figured out through the slot the controller is in.  Although it
1767	 * is an active/active system, someone has to be in charge.
1768	 */
1769	SYSCTL_ADD_INT(&softc->sysctl_ctx, SYSCTL_CHILDREN(softc->sysctl_tree),
1770	    OID_AUTO, "ha_id", CTLFLAG_RDTUN, &softc->ha_id, 0,
1771	    "HA head ID (0 - no HA)");
1772	if (softc->ha_id == 0 || softc->ha_id > NUM_TARGET_PORT_GROUPS) {
1773		softc->flags |= CTL_FLAG_ACTIVE_SHELF;
1774		softc->is_single = 1;
1775		softc->port_cnt = CTL_MAX_PORTS;
1776		softc->port_min = 0;
1777	} else {
1778		softc->port_cnt = CTL_MAX_PORTS / NUM_TARGET_PORT_GROUPS;
1779		softc->port_min = (softc->ha_id - 1) * softc->port_cnt;
1780	}
1781	softc->port_max = softc->port_min + softc->port_cnt;
1782	softc->init_min = softc->port_min * CTL_MAX_INIT_PER_PORT;
1783	softc->init_max = softc->port_max * CTL_MAX_INIT_PER_PORT;
1784
1785	SYSCTL_ADD_INT(&softc->sysctl_ctx, SYSCTL_CHILDREN(softc->sysctl_tree),
1786	    OID_AUTO, "ha_link", CTLFLAG_RD, (int *)&softc->ha_link, 0,
1787	    "HA link state (0 - offline, 1 - unknown, 2 - online)");
1788
1789	STAILQ_INIT(&softc->lun_list);
1790	STAILQ_INIT(&softc->pending_lun_queue);
1791	STAILQ_INIT(&softc->fe_list);
1792	STAILQ_INIT(&softc->port_list);
1793	STAILQ_INIT(&softc->be_list);
1794	ctl_tpc_init(softc);
1795
1796	if (ctl_pool_create(softc, "othersc", CTL_POOL_ENTRIES_OTHER_SC,
1797	                    &other_pool) != 0)
1798	{
1799		printf("ctl: can't allocate %d entry other SC pool, "
1800		       "exiting\n", CTL_POOL_ENTRIES_OTHER_SC);
1801		return (ENOMEM);
1802	}
1803	softc->othersc_pool = other_pool;
1804
1805	if (worker_threads <= 0)
1806		worker_threads = max(1, mp_ncpus / 4);
1807	if (worker_threads > CTL_MAX_THREADS)
1808		worker_threads = CTL_MAX_THREADS;
1809
1810	for (i = 0; i < worker_threads; i++) {
1811		struct ctl_thread *thr = &softc->threads[i];
1812
1813		mtx_init(&thr->queue_lock, "CTL queue mutex", NULL, MTX_DEF);
1814		thr->ctl_softc = softc;
1815		STAILQ_INIT(&thr->incoming_queue);
1816		STAILQ_INIT(&thr->rtr_queue);
1817		STAILQ_INIT(&thr->done_queue);
1818		STAILQ_INIT(&thr->isc_queue);
1819
1820		error = kproc_kthread_add(ctl_work_thread, thr,
1821		    &softc->ctl_proc, &thr->thread, 0, 0, "ctl", "work%d", i);
1822		if (error != 0) {
1823			printf("error creating CTL work thread!\n");
1824			ctl_pool_free(other_pool);
1825			return (error);
1826		}
1827	}
1828	error = kproc_kthread_add(ctl_lun_thread, softc,
1829	    &softc->ctl_proc, NULL, 0, 0, "ctl", "lun");
1830	if (error != 0) {
1831		printf("error creating CTL lun thread!\n");
1832		ctl_pool_free(other_pool);
1833		return (error);
1834	}
1835	error = kproc_kthread_add(ctl_thresh_thread, softc,
1836	    &softc->ctl_proc, NULL, 0, 0, "ctl", "thresh");
1837	if (error != 0) {
1838		printf("error creating CTL threshold thread!\n");
1839		ctl_pool_free(other_pool);
1840		return (error);
1841	}
1842
1843	SYSCTL_ADD_PROC(&softc->sysctl_ctx,SYSCTL_CHILDREN(softc->sysctl_tree),
1844	    OID_AUTO, "ha_role", CTLTYPE_INT | CTLFLAG_RWTUN,
1845	    softc, 0, ctl_ha_role_sysctl, "I", "HA role for this head");
1846
1847	if (softc->is_single == 0) {
1848		ctl_frontend_register(&ha_frontend);
1849		if (ctl_ha_msg_init(softc) != CTL_HA_STATUS_SUCCESS) {
1850			printf("ctl_init: ctl_ha_msg_init failed.\n");
1851			softc->is_single = 1;
1852		} else
1853		if (ctl_ha_msg_register(CTL_HA_CHAN_CTL, ctl_isc_event_handler)
1854		    != CTL_HA_STATUS_SUCCESS) {
1855			printf("ctl_init: ctl_ha_msg_register failed.\n");
1856			softc->is_single = 1;
1857		}
1858	}
1859	return (0);
1860}
1861
1862void
1863ctl_shutdown(void)
1864{
1865	struct ctl_softc *softc = control_softc;
1866	struct ctl_lun *lun, *next_lun;
1867
1868	if (softc->is_single == 0) {
1869		ctl_ha_msg_shutdown(softc);
1870		if (ctl_ha_msg_deregister(CTL_HA_CHAN_CTL)
1871		    != CTL_HA_STATUS_SUCCESS)
1872			printf("%s: ctl_ha_msg_deregister failed.\n", __func__);
1873		if (ctl_ha_msg_destroy(softc) != CTL_HA_STATUS_SUCCESS)
1874			printf("%s: ctl_ha_msg_destroy failed.\n", __func__);
1875		ctl_frontend_deregister(&ha_frontend);
1876	}
1877
1878	mtx_lock(&softc->ctl_lock);
1879
1880	/*
1881	 * Free up each LUN.
1882	 */
1883	for (lun = STAILQ_FIRST(&softc->lun_list); lun != NULL; lun = next_lun){
1884		next_lun = STAILQ_NEXT(lun, links);
1885		ctl_free_lun(lun);
1886	}
1887
1888	mtx_unlock(&softc->ctl_lock);
1889
1890#if 0
1891	ctl_shutdown_thread(softc->work_thread);
1892	mtx_destroy(&softc->queue_lock);
1893#endif
1894
1895	ctl_tpc_shutdown(softc);
1896	uma_zdestroy(softc->io_zone);
1897	mtx_destroy(&softc->ctl_lock);
1898
1899	destroy_dev(softc->dev);
1900
1901	sysctl_ctx_free(&softc->sysctl_ctx);
1902
1903	free(control_softc, M_DEVBUF);
1904	control_softc = NULL;
1905}
1906
1907static int
1908ctl_module_event_handler(module_t mod, int what, void *arg)
1909{
1910
1911	switch (what) {
1912	case MOD_LOAD:
1913		return (ctl_init());
1914	case MOD_UNLOAD:
1915		return (EBUSY);
1916	default:
1917		return (EOPNOTSUPP);
1918	}
1919}
1920
1921/*
1922 * XXX KDM should we do some access checks here?  Bump a reference count to
1923 * prevent a CTL module from being unloaded while someone has it open?
1924 */
1925static int
1926ctl_open(struct cdev *dev, int flags, int fmt, struct thread *td)
1927{
1928	return (0);
1929}
1930
1931static int
1932ctl_close(struct cdev *dev, int flags, int fmt, struct thread *td)
1933{
1934	return (0);
1935}
1936
1937/*
1938 * Remove an initiator by port number and initiator ID.
1939 * Returns 0 for success, -1 for failure.
1940 */
1941int
1942ctl_remove_initiator(struct ctl_port *port, int iid)
1943{
1944	struct ctl_softc *softc = port->ctl_softc;
1945
1946	mtx_assert(&softc->ctl_lock, MA_NOTOWNED);
1947
1948	if (iid > CTL_MAX_INIT_PER_PORT) {
1949		printf("%s: initiator ID %u > maximun %u!\n",
1950		       __func__, iid, CTL_MAX_INIT_PER_PORT);
1951		return (-1);
1952	}
1953
1954	mtx_lock(&softc->ctl_lock);
1955	port->wwpn_iid[iid].in_use--;
1956	port->wwpn_iid[iid].last_use = time_uptime;
1957	mtx_unlock(&softc->ctl_lock);
1958	ctl_isc_announce_iid(port, iid);
1959
1960	return (0);
1961}
1962
1963/*
1964 * Add an initiator to the initiator map.
1965 * Returns iid for success, < 0 for failure.
1966 */
1967int
1968ctl_add_initiator(struct ctl_port *port, int iid, uint64_t wwpn, char *name)
1969{
1970	struct ctl_softc *softc = port->ctl_softc;
1971	time_t best_time;
1972	int i, best;
1973
1974	mtx_assert(&softc->ctl_lock, MA_NOTOWNED);
1975
1976	if (iid >= CTL_MAX_INIT_PER_PORT) {
1977		printf("%s: WWPN %#jx initiator ID %u > maximum %u!\n",
1978		       __func__, wwpn, iid, CTL_MAX_INIT_PER_PORT);
1979		free(name, M_CTL);
1980		return (-1);
1981	}
1982
1983	mtx_lock(&softc->ctl_lock);
1984
1985	if (iid < 0 && (wwpn != 0 || name != NULL)) {
1986		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1987			if (wwpn != 0 && wwpn == port->wwpn_iid[i].wwpn) {
1988				iid = i;
1989				break;
1990			}
1991			if (name != NULL && port->wwpn_iid[i].name != NULL &&
1992			    strcmp(name, port->wwpn_iid[i].name) == 0) {
1993				iid = i;
1994				break;
1995			}
1996		}
1997	}
1998
1999	if (iid < 0) {
2000		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
2001			if (port->wwpn_iid[i].in_use == 0 &&
2002			    port->wwpn_iid[i].wwpn == 0 &&
2003			    port->wwpn_iid[i].name == NULL) {
2004				iid = i;
2005				break;
2006			}
2007		}
2008	}
2009
2010	if (iid < 0) {
2011		best = -1;
2012		best_time = INT32_MAX;
2013		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
2014			if (port->wwpn_iid[i].in_use == 0) {
2015				if (port->wwpn_iid[i].last_use < best_time) {
2016					best = i;
2017					best_time = port->wwpn_iid[i].last_use;
2018				}
2019			}
2020		}
2021		iid = best;
2022	}
2023
2024	if (iid < 0) {
2025		mtx_unlock(&softc->ctl_lock);
2026		free(name, M_CTL);
2027		return (-2);
2028	}
2029
2030	if (port->wwpn_iid[iid].in_use > 0 && (wwpn != 0 || name != NULL)) {
2031		/*
2032		 * This is not an error yet.
2033		 */
2034		if (wwpn != 0 && wwpn == port->wwpn_iid[iid].wwpn) {
2035#if 0
2036			printf("%s: port %d iid %u WWPN %#jx arrived"
2037			    " again\n", __func__, port->targ_port,
2038			    iid, (uintmax_t)wwpn);
2039#endif
2040			goto take;
2041		}
2042		if (name != NULL && port->wwpn_iid[iid].name != NULL &&
2043		    strcmp(name, port->wwpn_iid[iid].name) == 0) {
2044#if 0
2045			printf("%s: port %d iid %u name '%s' arrived"
2046			    " again\n", __func__, port->targ_port,
2047			    iid, name);
2048#endif
2049			goto take;
2050		}
2051
2052		/*
2053		 * This is an error, but what do we do about it?  The
2054		 * driver is telling us we have a new WWPN for this
2055		 * initiator ID, so we pretty much need to use it.
2056		 */
2057		printf("%s: port %d iid %u WWPN %#jx '%s' arrived,"
2058		    " but WWPN %#jx '%s' is still at that address\n",
2059		    __func__, port->targ_port, iid, wwpn, name,
2060		    (uintmax_t)port->wwpn_iid[iid].wwpn,
2061		    port->wwpn_iid[iid].name);
2062
2063		/*
2064		 * XXX KDM clear have_ca and ua_pending on each LUN for
2065		 * this initiator.
2066		 */
2067	}
2068take:
2069	free(port->wwpn_iid[iid].name, M_CTL);
2070	port->wwpn_iid[iid].name = name;
2071	port->wwpn_iid[iid].wwpn = wwpn;
2072	port->wwpn_iid[iid].in_use++;
2073	mtx_unlock(&softc->ctl_lock);
2074	ctl_isc_announce_iid(port, iid);
2075
2076	return (iid);
2077}
2078
2079static int
2080ctl_create_iid(struct ctl_port *port, int iid, uint8_t *buf)
2081{
2082	int len;
2083
2084	switch (port->port_type) {
2085	case CTL_PORT_FC:
2086	{
2087		struct scsi_transportid_fcp *id =
2088		    (struct scsi_transportid_fcp *)buf;
2089		if (port->wwpn_iid[iid].wwpn == 0)
2090			return (0);
2091		memset(id, 0, sizeof(*id));
2092		id->format_protocol = SCSI_PROTO_FC;
2093		scsi_u64to8b(port->wwpn_iid[iid].wwpn, id->n_port_name);
2094		return (sizeof(*id));
2095	}
2096	case CTL_PORT_ISCSI:
2097	{
2098		struct scsi_transportid_iscsi_port *id =
2099		    (struct scsi_transportid_iscsi_port *)buf;
2100		if (port->wwpn_iid[iid].name == NULL)
2101			return (0);
2102		memset(id, 0, 256);
2103		id->format_protocol = SCSI_TRN_ISCSI_FORMAT_PORT |
2104		    SCSI_PROTO_ISCSI;
2105		len = strlcpy(id->iscsi_name, port->wwpn_iid[iid].name, 252) + 1;
2106		len = roundup2(min(len, 252), 4);
2107		scsi_ulto2b(len, id->additional_length);
2108		return (sizeof(*id) + len);
2109	}
2110	case CTL_PORT_SAS:
2111	{
2112		struct scsi_transportid_sas *id =
2113		    (struct scsi_transportid_sas *)buf;
2114		if (port->wwpn_iid[iid].wwpn == 0)
2115			return (0);
2116		memset(id, 0, sizeof(*id));
2117		id->format_protocol = SCSI_PROTO_SAS;
2118		scsi_u64to8b(port->wwpn_iid[iid].wwpn, id->sas_address);
2119		return (sizeof(*id));
2120	}
2121	default:
2122	{
2123		struct scsi_transportid_spi *id =
2124		    (struct scsi_transportid_spi *)buf;
2125		memset(id, 0, sizeof(*id));
2126		id->format_protocol = SCSI_PROTO_SPI;
2127		scsi_ulto2b(iid, id->scsi_addr);
2128		scsi_ulto2b(port->targ_port, id->rel_trgt_port_id);
2129		return (sizeof(*id));
2130	}
2131	}
2132}
2133
2134/*
2135 * Serialize a command that went down the "wrong" side, and so was sent to
2136 * this controller for execution.  The logic is a little different than the
2137 * standard case in ctl_scsiio_precheck().  Errors in this case need to get
2138 * sent back to the other side, but in the success case, we execute the
2139 * command on this side (XFER mode) or tell the other side to execute it
2140 * (SER_ONLY mode).
2141 */
2142static int
2143ctl_serialize_other_sc_cmd(struct ctl_scsiio *ctsio)
2144{
2145	struct ctl_softc *softc = control_softc;
2146	union ctl_ha_msg msg_info;
2147	struct ctl_port *port;
2148	struct ctl_lun *lun;
2149	const struct ctl_cmd_entry *entry;
2150	int retval = 0;
2151	uint32_t targ_lun;
2152
2153	targ_lun = ctsio->io_hdr.nexus.targ_mapped_lun;
2154	mtx_lock(&softc->ctl_lock);
2155
2156	/* Make sure that we know about this port. */
2157	port = ctl_io_port(&ctsio->io_hdr);
2158	if (port == NULL || (port->status & CTL_PORT_STATUS_ONLINE) == 0) {
2159		ctl_set_internal_failure(ctsio, /*sks_valid*/ 0,
2160					 /*retry_count*/ 1);
2161		goto badjuju;
2162	}
2163
2164	/* Make sure that we know about this LUN. */
2165	if ((targ_lun < CTL_MAX_LUNS) &&
2166	    ((lun = softc->ctl_luns[targ_lun]) != NULL)) {
2167		mtx_lock(&lun->lun_lock);
2168		mtx_unlock(&softc->ctl_lock);
2169		/*
2170		 * If the LUN is invalid, pretend that it doesn't exist.
2171		 * It will go away as soon as all pending I/O has been
2172		 * completed.
2173		 */
2174		if (lun->flags & CTL_LUN_DISABLED) {
2175			mtx_unlock(&lun->lun_lock);
2176			lun = NULL;
2177		}
2178	} else {
2179		mtx_unlock(&softc->ctl_lock);
2180		lun = NULL;
2181	}
2182	if (lun == NULL) {
2183		/*
2184		 * The other node would not send this request to us unless
2185		 * received announce that we are primary node for this LUN.
2186		 * If this LUN does not exist now, it is probably result of
2187		 * a race, so respond to initiator in the most opaque way.
2188		 */
2189		ctl_set_busy(ctsio);
2190		goto badjuju;
2191	}
2192
2193	entry = ctl_get_cmd_entry(ctsio, NULL);
2194	if (ctl_scsiio_lun_check(lun, entry, ctsio) != 0) {
2195		mtx_unlock(&lun->lun_lock);
2196		goto badjuju;
2197	}
2198
2199	ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = lun;
2200	ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr = lun->be_lun;
2201
2202	/*
2203	 * Every I/O goes into the OOA queue for a
2204	 * particular LUN, and stays there until completion.
2205	 */
2206#ifdef CTL_TIME_IO
2207	if (TAILQ_EMPTY(&lun->ooa_queue))
2208		lun->idle_time += getsbinuptime() - lun->last_busy;
2209#endif
2210	TAILQ_INSERT_TAIL(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
2211
2212	switch (ctl_check_ooa(lun, (union ctl_io *)ctsio,
2213		(union ctl_io *)TAILQ_PREV(&ctsio->io_hdr, ctl_ooaq,
2214		 ooa_links))) {
2215	case CTL_ACTION_BLOCK:
2216		ctsio->io_hdr.flags |= CTL_FLAG_BLOCKED;
2217		TAILQ_INSERT_TAIL(&lun->blocked_queue, &ctsio->io_hdr,
2218				  blocked_links);
2219		mtx_unlock(&lun->lun_lock);
2220		break;
2221	case CTL_ACTION_PASS:
2222	case CTL_ACTION_SKIP:
2223		if (softc->ha_mode == CTL_HA_MODE_XFER) {
2224			ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
2225			ctl_enqueue_rtr((union ctl_io *)ctsio);
2226			mtx_unlock(&lun->lun_lock);
2227		} else {
2228			ctsio->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
2229			mtx_unlock(&lun->lun_lock);
2230
2231			/* send msg back to other side */
2232			msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
2233			msg_info.hdr.serializing_sc = (union ctl_io *)ctsio;
2234			msg_info.hdr.msg_type = CTL_MSG_R2R;
2235			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
2236			    sizeof(msg_info.hdr), M_WAITOK);
2237		}
2238		break;
2239	case CTL_ACTION_OVERLAP:
2240		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
2241		mtx_unlock(&lun->lun_lock);
2242		ctl_set_overlapped_cmd(ctsio);
2243		goto badjuju;
2244	case CTL_ACTION_OVERLAP_TAG:
2245		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
2246		mtx_unlock(&lun->lun_lock);
2247		ctl_set_overlapped_tag(ctsio, ctsio->tag_num);
2248		goto badjuju;
2249	case CTL_ACTION_ERROR:
2250	default:
2251		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
2252		mtx_unlock(&lun->lun_lock);
2253
2254		ctl_set_internal_failure(ctsio, /*sks_valid*/ 0,
2255					 /*retry_count*/ 0);
2256badjuju:
2257		ctl_copy_sense_data_back((union ctl_io *)ctsio, &msg_info);
2258		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
2259		msg_info.hdr.serializing_sc = NULL;
2260		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
2261		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
2262		    sizeof(msg_info.scsi), M_WAITOK);
2263		retval = 1;
2264		break;
2265	}
2266	return (retval);
2267}
2268
2269/*
2270 * Returns 0 for success, errno for failure.
2271 */
2272static void
2273ctl_ioctl_fill_ooa(struct ctl_lun *lun, uint32_t *cur_fill_num,
2274		   struct ctl_ooa *ooa_hdr, struct ctl_ooa_entry *kern_entries)
2275{
2276	union ctl_io *io;
2277
2278	mtx_lock(&lun->lun_lock);
2279	for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); (io != NULL);
2280	     (*cur_fill_num)++, io = (union ctl_io *)TAILQ_NEXT(&io->io_hdr,
2281	     ooa_links)) {
2282		struct ctl_ooa_entry *entry;
2283
2284		/*
2285		 * If we've got more than we can fit, just count the
2286		 * remaining entries.
2287		 */
2288		if (*cur_fill_num >= ooa_hdr->alloc_num)
2289			continue;
2290
2291		entry = &kern_entries[*cur_fill_num];
2292
2293		entry->tag_num = io->scsiio.tag_num;
2294		entry->lun_num = lun->lun;
2295#ifdef CTL_TIME_IO
2296		entry->start_bt = io->io_hdr.start_bt;
2297#endif
2298		bcopy(io->scsiio.cdb, entry->cdb, io->scsiio.cdb_len);
2299		entry->cdb_len = io->scsiio.cdb_len;
2300		if (io->io_hdr.flags & CTL_FLAG_BLOCKED)
2301			entry->cmd_flags |= CTL_OOACMD_FLAG_BLOCKED;
2302
2303		if (io->io_hdr.flags & CTL_FLAG_DMA_INPROG)
2304			entry->cmd_flags |= CTL_OOACMD_FLAG_DMA;
2305
2306		if (io->io_hdr.flags & CTL_FLAG_ABORT)
2307			entry->cmd_flags |= CTL_OOACMD_FLAG_ABORT;
2308
2309		if (io->io_hdr.flags & CTL_FLAG_IS_WAS_ON_RTR)
2310			entry->cmd_flags |= CTL_OOACMD_FLAG_RTR;
2311
2312		if (io->io_hdr.flags & CTL_FLAG_DMA_QUEUED)
2313			entry->cmd_flags |= CTL_OOACMD_FLAG_DMA_QUEUED;
2314	}
2315	mtx_unlock(&lun->lun_lock);
2316}
2317
2318static void *
2319ctl_copyin_alloc(void *user_addr, int len, char *error_str,
2320		 size_t error_str_len)
2321{
2322	void *kptr;
2323
2324	kptr = malloc(len, M_CTL, M_WAITOK | M_ZERO);
2325
2326	if (copyin(user_addr, kptr, len) != 0) {
2327		snprintf(error_str, error_str_len, "Error copying %d bytes "
2328			 "from user address %p to kernel address %p", len,
2329			 user_addr, kptr);
2330		free(kptr, M_CTL);
2331		return (NULL);
2332	}
2333
2334	return (kptr);
2335}
2336
2337static void
2338ctl_free_args(int num_args, struct ctl_be_arg *args)
2339{
2340	int i;
2341
2342	if (args == NULL)
2343		return;
2344
2345	for (i = 0; i < num_args; i++) {
2346		free(args[i].kname, M_CTL);
2347		free(args[i].kvalue, M_CTL);
2348	}
2349
2350	free(args, M_CTL);
2351}
2352
2353static struct ctl_be_arg *
2354ctl_copyin_args(int num_args, struct ctl_be_arg *uargs,
2355		char *error_str, size_t error_str_len)
2356{
2357	struct ctl_be_arg *args;
2358	int i;
2359
2360	args = ctl_copyin_alloc(uargs, num_args * sizeof(*args),
2361				error_str, error_str_len);
2362
2363	if (args == NULL)
2364		goto bailout;
2365
2366	for (i = 0; i < num_args; i++) {
2367		args[i].kname = NULL;
2368		args[i].kvalue = NULL;
2369	}
2370
2371	for (i = 0; i < num_args; i++) {
2372		uint8_t *tmpptr;
2373
2374		args[i].kname = ctl_copyin_alloc(args[i].name,
2375			args[i].namelen, error_str, error_str_len);
2376		if (args[i].kname == NULL)
2377			goto bailout;
2378
2379		if (args[i].kname[args[i].namelen - 1] != '\0') {
2380			snprintf(error_str, error_str_len, "Argument %d "
2381				 "name is not NUL-terminated", i);
2382			goto bailout;
2383		}
2384
2385		if (args[i].flags & CTL_BEARG_RD) {
2386			tmpptr = ctl_copyin_alloc(args[i].value,
2387				args[i].vallen, error_str, error_str_len);
2388			if (tmpptr == NULL)
2389				goto bailout;
2390			if ((args[i].flags & CTL_BEARG_ASCII)
2391			 && (tmpptr[args[i].vallen - 1] != '\0')) {
2392				snprintf(error_str, error_str_len, "Argument "
2393				    "%d value is not NUL-terminated", i);
2394				goto bailout;
2395			}
2396			args[i].kvalue = tmpptr;
2397		} else {
2398			args[i].kvalue = malloc(args[i].vallen,
2399			    M_CTL, M_WAITOK | M_ZERO);
2400		}
2401	}
2402
2403	return (args);
2404bailout:
2405
2406	ctl_free_args(num_args, args);
2407
2408	return (NULL);
2409}
2410
2411static void
2412ctl_copyout_args(int num_args, struct ctl_be_arg *args)
2413{
2414	int i;
2415
2416	for (i = 0; i < num_args; i++) {
2417		if (args[i].flags & CTL_BEARG_WR)
2418			copyout(args[i].kvalue, args[i].value, args[i].vallen);
2419	}
2420}
2421
2422/*
2423 * Escape characters that are illegal or not recommended in XML.
2424 */
2425int
2426ctl_sbuf_printf_esc(struct sbuf *sb, char *str, int size)
2427{
2428	char *end = str + size;
2429	int retval;
2430
2431	retval = 0;
2432
2433	for (; *str && str < end; str++) {
2434		switch (*str) {
2435		case '&':
2436			retval = sbuf_printf(sb, "&amp;");
2437			break;
2438		case '>':
2439			retval = sbuf_printf(sb, "&gt;");
2440			break;
2441		case '<':
2442			retval = sbuf_printf(sb, "&lt;");
2443			break;
2444		default:
2445			retval = sbuf_putc(sb, *str);
2446			break;
2447		}
2448
2449		if (retval != 0)
2450			break;
2451
2452	}
2453
2454	return (retval);
2455}
2456
2457static void
2458ctl_id_sbuf(struct ctl_devid *id, struct sbuf *sb)
2459{
2460	struct scsi_vpd_id_descriptor *desc;
2461	int i;
2462
2463	if (id == NULL || id->len < 4)
2464		return;
2465	desc = (struct scsi_vpd_id_descriptor *)id->data;
2466	switch (desc->id_type & SVPD_ID_TYPE_MASK) {
2467	case SVPD_ID_TYPE_T10:
2468		sbuf_printf(sb, "t10.");
2469		break;
2470	case SVPD_ID_TYPE_EUI64:
2471		sbuf_printf(sb, "eui.");
2472		break;
2473	case SVPD_ID_TYPE_NAA:
2474		sbuf_printf(sb, "naa.");
2475		break;
2476	case SVPD_ID_TYPE_SCSI_NAME:
2477		break;
2478	}
2479	switch (desc->proto_codeset & SVPD_ID_CODESET_MASK) {
2480	case SVPD_ID_CODESET_BINARY:
2481		for (i = 0; i < desc->length; i++)
2482			sbuf_printf(sb, "%02x", desc->identifier[i]);
2483		break;
2484	case SVPD_ID_CODESET_ASCII:
2485		sbuf_printf(sb, "%.*s", (int)desc->length,
2486		    (char *)desc->identifier);
2487		break;
2488	case SVPD_ID_CODESET_UTF8:
2489		sbuf_printf(sb, "%s", (char *)desc->identifier);
2490		break;
2491	}
2492}
2493
2494static int
2495ctl_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag,
2496	  struct thread *td)
2497{
2498	struct ctl_softc *softc = dev->si_drv1;
2499	struct ctl_lun *lun;
2500	int retval;
2501
2502	retval = 0;
2503
2504	switch (cmd) {
2505	case CTL_IO:
2506		retval = ctl_ioctl_io(dev, cmd, addr, flag, td);
2507		break;
2508	case CTL_ENABLE_PORT:
2509	case CTL_DISABLE_PORT:
2510	case CTL_SET_PORT_WWNS: {
2511		struct ctl_port *port;
2512		struct ctl_port_entry *entry;
2513
2514		entry = (struct ctl_port_entry *)addr;
2515
2516		mtx_lock(&softc->ctl_lock);
2517		STAILQ_FOREACH(port, &softc->port_list, links) {
2518			int action, done;
2519
2520			if (port->targ_port < softc->port_min ||
2521			    port->targ_port >= softc->port_max)
2522				continue;
2523
2524			action = 0;
2525			done = 0;
2526			if ((entry->port_type == CTL_PORT_NONE)
2527			 && (entry->targ_port == port->targ_port)) {
2528				/*
2529				 * If the user only wants to enable or
2530				 * disable or set WWNs on a specific port,
2531				 * do the operation and we're done.
2532				 */
2533				action = 1;
2534				done = 1;
2535			} else if (entry->port_type & port->port_type) {
2536				/*
2537				 * Compare the user's type mask with the
2538				 * particular frontend type to see if we
2539				 * have a match.
2540				 */
2541				action = 1;
2542				done = 0;
2543
2544				/*
2545				 * Make sure the user isn't trying to set
2546				 * WWNs on multiple ports at the same time.
2547				 */
2548				if (cmd == CTL_SET_PORT_WWNS) {
2549					printf("%s: Can't set WWNs on "
2550					       "multiple ports\n", __func__);
2551					retval = EINVAL;
2552					break;
2553				}
2554			}
2555			if (action == 0)
2556				continue;
2557
2558			/*
2559			 * XXX KDM we have to drop the lock here, because
2560			 * the online/offline operations can potentially
2561			 * block.  We need to reference count the frontends
2562			 * so they can't go away,
2563			 */
2564			if (cmd == CTL_ENABLE_PORT) {
2565				mtx_unlock(&softc->ctl_lock);
2566				ctl_port_online(port);
2567				mtx_lock(&softc->ctl_lock);
2568			} else if (cmd == CTL_DISABLE_PORT) {
2569				mtx_unlock(&softc->ctl_lock);
2570				ctl_port_offline(port);
2571				mtx_lock(&softc->ctl_lock);
2572			} else if (cmd == CTL_SET_PORT_WWNS) {
2573				ctl_port_set_wwns(port,
2574				    (entry->flags & CTL_PORT_WWNN_VALID) ?
2575				    1 : 0, entry->wwnn,
2576				    (entry->flags & CTL_PORT_WWPN_VALID) ?
2577				    1 : 0, entry->wwpn);
2578			}
2579			if (done != 0)
2580				break;
2581		}
2582		mtx_unlock(&softc->ctl_lock);
2583		break;
2584	}
2585	case CTL_GET_OOA: {
2586		struct ctl_ooa *ooa_hdr;
2587		struct ctl_ooa_entry *entries;
2588		uint32_t cur_fill_num;
2589
2590		ooa_hdr = (struct ctl_ooa *)addr;
2591
2592		if ((ooa_hdr->alloc_len == 0)
2593		 || (ooa_hdr->alloc_num == 0)) {
2594			printf("%s: CTL_GET_OOA: alloc len %u and alloc num %u "
2595			       "must be non-zero\n", __func__,
2596			       ooa_hdr->alloc_len, ooa_hdr->alloc_num);
2597			retval = EINVAL;
2598			break;
2599		}
2600
2601		if (ooa_hdr->alloc_len != (ooa_hdr->alloc_num *
2602		    sizeof(struct ctl_ooa_entry))) {
2603			printf("%s: CTL_GET_OOA: alloc len %u must be alloc "
2604			       "num %d * sizeof(struct ctl_ooa_entry) %zd\n",
2605			       __func__, ooa_hdr->alloc_len,
2606			       ooa_hdr->alloc_num,sizeof(struct ctl_ooa_entry));
2607			retval = EINVAL;
2608			break;
2609		}
2610
2611		entries = malloc(ooa_hdr->alloc_len, M_CTL, M_WAITOK | M_ZERO);
2612		if (entries == NULL) {
2613			printf("%s: could not allocate %d bytes for OOA "
2614			       "dump\n", __func__, ooa_hdr->alloc_len);
2615			retval = ENOMEM;
2616			break;
2617		}
2618
2619		mtx_lock(&softc->ctl_lock);
2620		if (((ooa_hdr->flags & CTL_OOA_FLAG_ALL_LUNS) == 0)
2621		 && ((ooa_hdr->lun_num >= CTL_MAX_LUNS)
2622		  || (softc->ctl_luns[ooa_hdr->lun_num] == NULL))) {
2623			mtx_unlock(&softc->ctl_lock);
2624			free(entries, M_CTL);
2625			printf("%s: CTL_GET_OOA: invalid LUN %ju\n",
2626			       __func__, (uintmax_t)ooa_hdr->lun_num);
2627			retval = EINVAL;
2628			break;
2629		}
2630
2631		cur_fill_num = 0;
2632
2633		if (ooa_hdr->flags & CTL_OOA_FLAG_ALL_LUNS) {
2634			STAILQ_FOREACH(lun, &softc->lun_list, links) {
2635				ctl_ioctl_fill_ooa(lun, &cur_fill_num,
2636				    ooa_hdr, entries);
2637			}
2638		} else {
2639			lun = softc->ctl_luns[ooa_hdr->lun_num];
2640			ctl_ioctl_fill_ooa(lun, &cur_fill_num, ooa_hdr,
2641			    entries);
2642		}
2643		mtx_unlock(&softc->ctl_lock);
2644
2645		ooa_hdr->fill_num = min(cur_fill_num, ooa_hdr->alloc_num);
2646		ooa_hdr->fill_len = ooa_hdr->fill_num *
2647			sizeof(struct ctl_ooa_entry);
2648		retval = copyout(entries, ooa_hdr->entries, ooa_hdr->fill_len);
2649		if (retval != 0) {
2650			printf("%s: error copying out %d bytes for OOA dump\n",
2651			       __func__, ooa_hdr->fill_len);
2652		}
2653
2654		getbinuptime(&ooa_hdr->cur_bt);
2655
2656		if (cur_fill_num > ooa_hdr->alloc_num) {
2657			ooa_hdr->dropped_num = cur_fill_num -ooa_hdr->alloc_num;
2658			ooa_hdr->status = CTL_OOA_NEED_MORE_SPACE;
2659		} else {
2660			ooa_hdr->dropped_num = 0;
2661			ooa_hdr->status = CTL_OOA_OK;
2662		}
2663
2664		free(entries, M_CTL);
2665		break;
2666	}
2667	case CTL_DELAY_IO: {
2668		struct ctl_io_delay_info *delay_info;
2669
2670		delay_info = (struct ctl_io_delay_info *)addr;
2671
2672#ifdef CTL_IO_DELAY
2673		mtx_lock(&softc->ctl_lock);
2674
2675		if ((delay_info->lun_id >= CTL_MAX_LUNS)
2676		 || (softc->ctl_luns[delay_info->lun_id] == NULL)) {
2677			delay_info->status = CTL_DELAY_STATUS_INVALID_LUN;
2678		} else {
2679			lun = softc->ctl_luns[delay_info->lun_id];
2680			mtx_lock(&lun->lun_lock);
2681
2682			delay_info->status = CTL_DELAY_STATUS_OK;
2683
2684			switch (delay_info->delay_type) {
2685			case CTL_DELAY_TYPE_CONT:
2686				break;
2687			case CTL_DELAY_TYPE_ONESHOT:
2688				break;
2689			default:
2690				delay_info->status =
2691					CTL_DELAY_STATUS_INVALID_TYPE;
2692				break;
2693			}
2694
2695			switch (delay_info->delay_loc) {
2696			case CTL_DELAY_LOC_DATAMOVE:
2697				lun->delay_info.datamove_type =
2698					delay_info->delay_type;
2699				lun->delay_info.datamove_delay =
2700					delay_info->delay_secs;
2701				break;
2702			case CTL_DELAY_LOC_DONE:
2703				lun->delay_info.done_type =
2704					delay_info->delay_type;
2705				lun->delay_info.done_delay =
2706					delay_info->delay_secs;
2707				break;
2708			default:
2709				delay_info->status =
2710					CTL_DELAY_STATUS_INVALID_LOC;
2711				break;
2712			}
2713			mtx_unlock(&lun->lun_lock);
2714		}
2715
2716		mtx_unlock(&softc->ctl_lock);
2717#else
2718		delay_info->status = CTL_DELAY_STATUS_NOT_IMPLEMENTED;
2719#endif /* CTL_IO_DELAY */
2720		break;
2721	}
2722	case CTL_GETSTATS: {
2723		struct ctl_stats *stats;
2724		int i;
2725
2726		stats = (struct ctl_stats *)addr;
2727
2728		if ((sizeof(struct ctl_lun_io_stats) * softc->num_luns) >
2729		     stats->alloc_len) {
2730			stats->status = CTL_SS_NEED_MORE_SPACE;
2731			stats->num_luns = softc->num_luns;
2732			break;
2733		}
2734		/*
2735		 * XXX KDM no locking here.  If the LUN list changes,
2736		 * things can blow up.
2737		 */
2738		for (i = 0, lun = STAILQ_FIRST(&softc->lun_list); lun != NULL;
2739		     i++, lun = STAILQ_NEXT(lun, links)) {
2740			retval = copyout(&lun->stats, &stats->lun_stats[i],
2741					 sizeof(lun->stats));
2742			if (retval != 0)
2743				break;
2744		}
2745		stats->num_luns = softc->num_luns;
2746		stats->fill_len = sizeof(struct ctl_lun_io_stats) *
2747				 softc->num_luns;
2748		stats->status = CTL_SS_OK;
2749#ifdef CTL_TIME_IO
2750		stats->flags = CTL_STATS_FLAG_TIME_VALID;
2751#else
2752		stats->flags = CTL_STATS_FLAG_NONE;
2753#endif
2754		getnanouptime(&stats->timestamp);
2755		break;
2756	}
2757	case CTL_ERROR_INJECT: {
2758		struct ctl_error_desc *err_desc, *new_err_desc;
2759
2760		err_desc = (struct ctl_error_desc *)addr;
2761
2762		new_err_desc = malloc(sizeof(*new_err_desc), M_CTL,
2763				      M_WAITOK | M_ZERO);
2764		bcopy(err_desc, new_err_desc, sizeof(*new_err_desc));
2765
2766		mtx_lock(&softc->ctl_lock);
2767		lun = softc->ctl_luns[err_desc->lun_id];
2768		if (lun == NULL) {
2769			mtx_unlock(&softc->ctl_lock);
2770			free(new_err_desc, M_CTL);
2771			printf("%s: CTL_ERROR_INJECT: invalid LUN %ju\n",
2772			       __func__, (uintmax_t)err_desc->lun_id);
2773			retval = EINVAL;
2774			break;
2775		}
2776		mtx_lock(&lun->lun_lock);
2777		mtx_unlock(&softc->ctl_lock);
2778
2779		/*
2780		 * We could do some checking here to verify the validity
2781		 * of the request, but given the complexity of error
2782		 * injection requests, the checking logic would be fairly
2783		 * complex.
2784		 *
2785		 * For now, if the request is invalid, it just won't get
2786		 * executed and might get deleted.
2787		 */
2788		STAILQ_INSERT_TAIL(&lun->error_list, new_err_desc, links);
2789
2790		/*
2791		 * XXX KDM check to make sure the serial number is unique,
2792		 * in case we somehow manage to wrap.  That shouldn't
2793		 * happen for a very long time, but it's the right thing to
2794		 * do.
2795		 */
2796		new_err_desc->serial = lun->error_serial;
2797		err_desc->serial = lun->error_serial;
2798		lun->error_serial++;
2799
2800		mtx_unlock(&lun->lun_lock);
2801		break;
2802	}
2803	case CTL_ERROR_INJECT_DELETE: {
2804		struct ctl_error_desc *delete_desc, *desc, *desc2;
2805		int delete_done;
2806
2807		delete_desc = (struct ctl_error_desc *)addr;
2808		delete_done = 0;
2809
2810		mtx_lock(&softc->ctl_lock);
2811		lun = softc->ctl_luns[delete_desc->lun_id];
2812		if (lun == NULL) {
2813			mtx_unlock(&softc->ctl_lock);
2814			printf("%s: CTL_ERROR_INJECT_DELETE: invalid LUN %ju\n",
2815			       __func__, (uintmax_t)delete_desc->lun_id);
2816			retval = EINVAL;
2817			break;
2818		}
2819		mtx_lock(&lun->lun_lock);
2820		mtx_unlock(&softc->ctl_lock);
2821		STAILQ_FOREACH_SAFE(desc, &lun->error_list, links, desc2) {
2822			if (desc->serial != delete_desc->serial)
2823				continue;
2824
2825			STAILQ_REMOVE(&lun->error_list, desc, ctl_error_desc,
2826				      links);
2827			free(desc, M_CTL);
2828			delete_done = 1;
2829		}
2830		mtx_unlock(&lun->lun_lock);
2831		if (delete_done == 0) {
2832			printf("%s: CTL_ERROR_INJECT_DELETE: can't find "
2833			       "error serial %ju on LUN %u\n", __func__,
2834			       delete_desc->serial, delete_desc->lun_id);
2835			retval = EINVAL;
2836			break;
2837		}
2838		break;
2839	}
2840	case CTL_DUMP_STRUCTS: {
2841		int i, j, k;
2842		struct ctl_port *port;
2843		struct ctl_frontend *fe;
2844
2845		mtx_lock(&softc->ctl_lock);
2846		printf("CTL Persistent Reservation information start:\n");
2847		for (i = 0; i < CTL_MAX_LUNS; i++) {
2848			lun = softc->ctl_luns[i];
2849
2850			if ((lun == NULL)
2851			 || ((lun->flags & CTL_LUN_DISABLED) != 0))
2852				continue;
2853
2854			for (j = 0; j < CTL_MAX_PORTS; j++) {
2855				if (lun->pr_keys[j] == NULL)
2856					continue;
2857				for (k = 0; k < CTL_MAX_INIT_PER_PORT; k++){
2858					if (lun->pr_keys[j][k] == 0)
2859						continue;
2860					printf("  LUN %d port %d iid %d key "
2861					       "%#jx\n", i, j, k,
2862					       (uintmax_t)lun->pr_keys[j][k]);
2863				}
2864			}
2865		}
2866		printf("CTL Persistent Reservation information end\n");
2867		printf("CTL Ports:\n");
2868		STAILQ_FOREACH(port, &softc->port_list, links) {
2869			printf("  Port %d '%s' Frontend '%s' Type %u pp %d vp %d WWNN "
2870			       "%#jx WWPN %#jx\n", port->targ_port, port->port_name,
2871			       port->frontend->name, port->port_type,
2872			       port->physical_port, port->virtual_port,
2873			       (uintmax_t)port->wwnn, (uintmax_t)port->wwpn);
2874			for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
2875				if (port->wwpn_iid[j].in_use == 0 &&
2876				    port->wwpn_iid[j].wwpn == 0 &&
2877				    port->wwpn_iid[j].name == NULL)
2878					continue;
2879
2880				printf("    iid %u use %d WWPN %#jx '%s'\n",
2881				    j, port->wwpn_iid[j].in_use,
2882				    (uintmax_t)port->wwpn_iid[j].wwpn,
2883				    port->wwpn_iid[j].name);
2884			}
2885		}
2886		printf("CTL Port information end\n");
2887		mtx_unlock(&softc->ctl_lock);
2888		/*
2889		 * XXX KDM calling this without a lock.  We'd likely want
2890		 * to drop the lock before calling the frontend's dump
2891		 * routine anyway.
2892		 */
2893		printf("CTL Frontends:\n");
2894		STAILQ_FOREACH(fe, &softc->fe_list, links) {
2895			printf("  Frontend '%s'\n", fe->name);
2896			if (fe->fe_dump != NULL)
2897				fe->fe_dump();
2898		}
2899		printf("CTL Frontend information end\n");
2900		break;
2901	}
2902	case CTL_LUN_REQ: {
2903		struct ctl_lun_req *lun_req;
2904		struct ctl_backend_driver *backend;
2905
2906		lun_req = (struct ctl_lun_req *)addr;
2907
2908		backend = ctl_backend_find(lun_req->backend);
2909		if (backend == NULL) {
2910			lun_req->status = CTL_LUN_ERROR;
2911			snprintf(lun_req->error_str,
2912				 sizeof(lun_req->error_str),
2913				 "Backend \"%s\" not found.",
2914				 lun_req->backend);
2915			break;
2916		}
2917		if (lun_req->num_be_args > 0) {
2918			lun_req->kern_be_args = ctl_copyin_args(
2919				lun_req->num_be_args,
2920				lun_req->be_args,
2921				lun_req->error_str,
2922				sizeof(lun_req->error_str));
2923			if (lun_req->kern_be_args == NULL) {
2924				lun_req->status = CTL_LUN_ERROR;
2925				break;
2926			}
2927		}
2928
2929		retval = backend->ioctl(dev, cmd, addr, flag, td);
2930
2931		if (lun_req->num_be_args > 0) {
2932			ctl_copyout_args(lun_req->num_be_args,
2933				      lun_req->kern_be_args);
2934			ctl_free_args(lun_req->num_be_args,
2935				      lun_req->kern_be_args);
2936		}
2937		break;
2938	}
2939	case CTL_LUN_LIST: {
2940		struct sbuf *sb;
2941		struct ctl_lun_list *list;
2942		struct ctl_option *opt;
2943
2944		list = (struct ctl_lun_list *)addr;
2945
2946		/*
2947		 * Allocate a fixed length sbuf here, based on the length
2948		 * of the user's buffer.  We could allocate an auto-extending
2949		 * buffer, and then tell the user how much larger our
2950		 * amount of data is than his buffer, but that presents
2951		 * some problems:
2952		 *
2953		 * 1.  The sbuf(9) routines use a blocking malloc, and so
2954		 *     we can't hold a lock while calling them with an
2955		 *     auto-extending buffer.
2956 		 *
2957		 * 2.  There is not currently a LUN reference counting
2958		 *     mechanism, outside of outstanding transactions on
2959		 *     the LUN's OOA queue.  So a LUN could go away on us
2960		 *     while we're getting the LUN number, backend-specific
2961		 *     information, etc.  Thus, given the way things
2962		 *     currently work, we need to hold the CTL lock while
2963		 *     grabbing LUN information.
2964		 *
2965		 * So, from the user's standpoint, the best thing to do is
2966		 * allocate what he thinks is a reasonable buffer length,
2967		 * and then if he gets a CTL_LUN_LIST_NEED_MORE_SPACE error,
2968		 * double the buffer length and try again.  (And repeat
2969		 * that until he succeeds.)
2970		 */
2971		sb = sbuf_new(NULL, NULL, list->alloc_len, SBUF_FIXEDLEN);
2972		if (sb == NULL) {
2973			list->status = CTL_LUN_LIST_ERROR;
2974			snprintf(list->error_str, sizeof(list->error_str),
2975				 "Unable to allocate %d bytes for LUN list",
2976				 list->alloc_len);
2977			break;
2978		}
2979
2980		sbuf_printf(sb, "<ctllunlist>\n");
2981
2982		mtx_lock(&softc->ctl_lock);
2983		STAILQ_FOREACH(lun, &softc->lun_list, links) {
2984			mtx_lock(&lun->lun_lock);
2985			retval = sbuf_printf(sb, "<lun id=\"%ju\">\n",
2986					     (uintmax_t)lun->lun);
2987
2988			/*
2989			 * Bail out as soon as we see that we've overfilled
2990			 * the buffer.
2991			 */
2992			if (retval != 0)
2993				break;
2994
2995			retval = sbuf_printf(sb, "\t<backend_type>%s"
2996					     "</backend_type>\n",
2997					     (lun->backend == NULL) ?  "none" :
2998					     lun->backend->name);
2999
3000			if (retval != 0)
3001				break;
3002
3003			retval = sbuf_printf(sb, "\t<lun_type>%d</lun_type>\n",
3004					     lun->be_lun->lun_type);
3005
3006			if (retval != 0)
3007				break;
3008
3009			if (lun->backend == NULL) {
3010				retval = sbuf_printf(sb, "</lun>\n");
3011				if (retval != 0)
3012					break;
3013				continue;
3014			}
3015
3016			retval = sbuf_printf(sb, "\t<size>%ju</size>\n",
3017					     (lun->be_lun->maxlba > 0) ?
3018					     lun->be_lun->maxlba + 1 : 0);
3019
3020			if (retval != 0)
3021				break;
3022
3023			retval = sbuf_printf(sb, "\t<blocksize>%u</blocksize>\n",
3024					     lun->be_lun->blocksize);
3025
3026			if (retval != 0)
3027				break;
3028
3029			retval = sbuf_printf(sb, "\t<serial_number>");
3030
3031			if (retval != 0)
3032				break;
3033
3034			retval = ctl_sbuf_printf_esc(sb,
3035			    lun->be_lun->serial_num,
3036			    sizeof(lun->be_lun->serial_num));
3037
3038			if (retval != 0)
3039				break;
3040
3041			retval = sbuf_printf(sb, "</serial_number>\n");
3042
3043			if (retval != 0)
3044				break;
3045
3046			retval = sbuf_printf(sb, "\t<device_id>");
3047
3048			if (retval != 0)
3049				break;
3050
3051			retval = ctl_sbuf_printf_esc(sb,
3052			    lun->be_lun->device_id,
3053			    sizeof(lun->be_lun->device_id));
3054
3055			if (retval != 0)
3056				break;
3057
3058			retval = sbuf_printf(sb, "</device_id>\n");
3059
3060			if (retval != 0)
3061				break;
3062
3063			if (lun->backend->lun_info != NULL) {
3064				retval = lun->backend->lun_info(lun->be_lun->be_lun, sb);
3065				if (retval != 0)
3066					break;
3067			}
3068			STAILQ_FOREACH(opt, &lun->be_lun->options, links) {
3069				retval = sbuf_printf(sb, "\t<%s>%s</%s>\n",
3070				    opt->name, opt->value, opt->name);
3071				if (retval != 0)
3072					break;
3073			}
3074
3075			retval = sbuf_printf(sb, "</lun>\n");
3076
3077			if (retval != 0)
3078				break;
3079			mtx_unlock(&lun->lun_lock);
3080		}
3081		if (lun != NULL)
3082			mtx_unlock(&lun->lun_lock);
3083		mtx_unlock(&softc->ctl_lock);
3084
3085		if ((retval != 0)
3086		 || ((retval = sbuf_printf(sb, "</ctllunlist>\n")) != 0)) {
3087			retval = 0;
3088			sbuf_delete(sb);
3089			list->status = CTL_LUN_LIST_NEED_MORE_SPACE;
3090			snprintf(list->error_str, sizeof(list->error_str),
3091				 "Out of space, %d bytes is too small",
3092				 list->alloc_len);
3093			break;
3094		}
3095
3096		sbuf_finish(sb);
3097
3098		retval = copyout(sbuf_data(sb), list->lun_xml,
3099				 sbuf_len(sb) + 1);
3100
3101		list->fill_len = sbuf_len(sb) + 1;
3102		list->status = CTL_LUN_LIST_OK;
3103		sbuf_delete(sb);
3104		break;
3105	}
3106	case CTL_ISCSI: {
3107		struct ctl_iscsi *ci;
3108		struct ctl_frontend *fe;
3109
3110		ci = (struct ctl_iscsi *)addr;
3111
3112		fe = ctl_frontend_find("iscsi");
3113		if (fe == NULL) {
3114			ci->status = CTL_ISCSI_ERROR;
3115			snprintf(ci->error_str, sizeof(ci->error_str),
3116			    "Frontend \"iscsi\" not found.");
3117			break;
3118		}
3119
3120		retval = fe->ioctl(dev, cmd, addr, flag, td);
3121		break;
3122	}
3123	case CTL_PORT_REQ: {
3124		struct ctl_req *req;
3125		struct ctl_frontend *fe;
3126
3127		req = (struct ctl_req *)addr;
3128
3129		fe = ctl_frontend_find(req->driver);
3130		if (fe == NULL) {
3131			req->status = CTL_LUN_ERROR;
3132			snprintf(req->error_str, sizeof(req->error_str),
3133			    "Frontend \"%s\" not found.", req->driver);
3134			break;
3135		}
3136		if (req->num_args > 0) {
3137			req->kern_args = ctl_copyin_args(req->num_args,
3138			    req->args, req->error_str, sizeof(req->error_str));
3139			if (req->kern_args == NULL) {
3140				req->status = CTL_LUN_ERROR;
3141				break;
3142			}
3143		}
3144
3145		if (fe->ioctl)
3146			retval = fe->ioctl(dev, cmd, addr, flag, td);
3147		else
3148			retval = ENODEV;
3149
3150		if (req->num_args > 0) {
3151			ctl_copyout_args(req->num_args, req->kern_args);
3152			ctl_free_args(req->num_args, req->kern_args);
3153		}
3154		break;
3155	}
3156	case CTL_PORT_LIST: {
3157		struct sbuf *sb;
3158		struct ctl_port *port;
3159		struct ctl_lun_list *list;
3160		struct ctl_option *opt;
3161		int j;
3162		uint32_t plun;
3163
3164		list = (struct ctl_lun_list *)addr;
3165
3166		sb = sbuf_new(NULL, NULL, list->alloc_len, SBUF_FIXEDLEN);
3167		if (sb == NULL) {
3168			list->status = CTL_LUN_LIST_ERROR;
3169			snprintf(list->error_str, sizeof(list->error_str),
3170				 "Unable to allocate %d bytes for LUN list",
3171				 list->alloc_len);
3172			break;
3173		}
3174
3175		sbuf_printf(sb, "<ctlportlist>\n");
3176
3177		mtx_lock(&softc->ctl_lock);
3178		STAILQ_FOREACH(port, &softc->port_list, links) {
3179			retval = sbuf_printf(sb, "<targ_port id=\"%ju\">\n",
3180					     (uintmax_t)port->targ_port);
3181
3182			/*
3183			 * Bail out as soon as we see that we've overfilled
3184			 * the buffer.
3185			 */
3186			if (retval != 0)
3187				break;
3188
3189			retval = sbuf_printf(sb, "\t<frontend_type>%s"
3190			    "</frontend_type>\n", port->frontend->name);
3191			if (retval != 0)
3192				break;
3193
3194			retval = sbuf_printf(sb, "\t<port_type>%d</port_type>\n",
3195					     port->port_type);
3196			if (retval != 0)
3197				break;
3198
3199			retval = sbuf_printf(sb, "\t<online>%s</online>\n",
3200			    (port->status & CTL_PORT_STATUS_ONLINE) ? "YES" : "NO");
3201			if (retval != 0)
3202				break;
3203
3204			retval = sbuf_printf(sb, "\t<port_name>%s</port_name>\n",
3205			    port->port_name);
3206			if (retval != 0)
3207				break;
3208
3209			retval = sbuf_printf(sb, "\t<physical_port>%d</physical_port>\n",
3210			    port->physical_port);
3211			if (retval != 0)
3212				break;
3213
3214			retval = sbuf_printf(sb, "\t<virtual_port>%d</virtual_port>\n",
3215			    port->virtual_port);
3216			if (retval != 0)
3217				break;
3218
3219			if (port->target_devid != NULL) {
3220				sbuf_printf(sb, "\t<target>");
3221				ctl_id_sbuf(port->target_devid, sb);
3222				sbuf_printf(sb, "</target>\n");
3223			}
3224
3225			if (port->port_devid != NULL) {
3226				sbuf_printf(sb, "\t<port>");
3227				ctl_id_sbuf(port->port_devid, sb);
3228				sbuf_printf(sb, "</port>\n");
3229			}
3230
3231			if (port->port_info != NULL) {
3232				retval = port->port_info(port->onoff_arg, sb);
3233				if (retval != 0)
3234					break;
3235			}
3236			STAILQ_FOREACH(opt, &port->options, links) {
3237				retval = sbuf_printf(sb, "\t<%s>%s</%s>\n",
3238				    opt->name, opt->value, opt->name);
3239				if (retval != 0)
3240					break;
3241			}
3242
3243			if (port->lun_map != NULL) {
3244				sbuf_printf(sb, "\t<lun_map>on</lun_map>\n");
3245				for (j = 0; j < CTL_MAX_LUNS; j++) {
3246					plun = ctl_lun_map_from_port(port, j);
3247					if (plun >= CTL_MAX_LUNS)
3248						continue;
3249					sbuf_printf(sb,
3250					    "\t<lun id=\"%u\">%u</lun>\n",
3251					    j, plun);
3252				}
3253			}
3254
3255			for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
3256				if (port->wwpn_iid[j].in_use == 0 ||
3257				    (port->wwpn_iid[j].wwpn == 0 &&
3258				     port->wwpn_iid[j].name == NULL))
3259					continue;
3260
3261				if (port->wwpn_iid[j].name != NULL)
3262					retval = sbuf_printf(sb,
3263					    "\t<initiator id=\"%u\">%s</initiator>\n",
3264					    j, port->wwpn_iid[j].name);
3265				else
3266					retval = sbuf_printf(sb,
3267					    "\t<initiator id=\"%u\">naa.%08jx</initiator>\n",
3268					    j, port->wwpn_iid[j].wwpn);
3269				if (retval != 0)
3270					break;
3271			}
3272			if (retval != 0)
3273				break;
3274
3275			retval = sbuf_printf(sb, "</targ_port>\n");
3276			if (retval != 0)
3277				break;
3278		}
3279		mtx_unlock(&softc->ctl_lock);
3280
3281		if ((retval != 0)
3282		 || ((retval = sbuf_printf(sb, "</ctlportlist>\n")) != 0)) {
3283			retval = 0;
3284			sbuf_delete(sb);
3285			list->status = CTL_LUN_LIST_NEED_MORE_SPACE;
3286			snprintf(list->error_str, sizeof(list->error_str),
3287				 "Out of space, %d bytes is too small",
3288				 list->alloc_len);
3289			break;
3290		}
3291
3292		sbuf_finish(sb);
3293
3294		retval = copyout(sbuf_data(sb), list->lun_xml,
3295				 sbuf_len(sb) + 1);
3296
3297		list->fill_len = sbuf_len(sb) + 1;
3298		list->status = CTL_LUN_LIST_OK;
3299		sbuf_delete(sb);
3300		break;
3301	}
3302	case CTL_LUN_MAP: {
3303		struct ctl_lun_map *lm  = (struct ctl_lun_map *)addr;
3304		struct ctl_port *port;
3305
3306		mtx_lock(&softc->ctl_lock);
3307		if (lm->port < softc->port_min ||
3308		    lm->port >= softc->port_max ||
3309		    (port = softc->ctl_ports[lm->port]) == NULL) {
3310			mtx_unlock(&softc->ctl_lock);
3311			return (ENXIO);
3312		}
3313		if (port->status & CTL_PORT_STATUS_ONLINE) {
3314			STAILQ_FOREACH(lun, &softc->lun_list, links) {
3315				if (ctl_lun_map_to_port(port, lun->lun) >=
3316				    CTL_MAX_LUNS)
3317					continue;
3318				mtx_lock(&lun->lun_lock);
3319				ctl_est_ua_port(lun, lm->port, -1,
3320				    CTL_UA_LUN_CHANGE);
3321				mtx_unlock(&lun->lun_lock);
3322			}
3323		}
3324		mtx_unlock(&softc->ctl_lock); // XXX: port_enable sleeps
3325		if (lm->plun < CTL_MAX_LUNS) {
3326			if (lm->lun == UINT32_MAX)
3327				retval = ctl_lun_map_unset(port, lm->plun);
3328			else if (lm->lun < CTL_MAX_LUNS &&
3329			    softc->ctl_luns[lm->lun] != NULL)
3330				retval = ctl_lun_map_set(port, lm->plun, lm->lun);
3331			else
3332				return (ENXIO);
3333		} else if (lm->plun == UINT32_MAX) {
3334			if (lm->lun == UINT32_MAX)
3335				retval = ctl_lun_map_deinit(port);
3336			else
3337				retval = ctl_lun_map_init(port);
3338		} else
3339			return (ENXIO);
3340		if (port->status & CTL_PORT_STATUS_ONLINE)
3341			ctl_isc_announce_port(port);
3342		break;
3343	}
3344	default: {
3345		/* XXX KDM should we fix this? */
3346#if 0
3347		struct ctl_backend_driver *backend;
3348		unsigned int type;
3349		int found;
3350
3351		found = 0;
3352
3353		/*
3354		 * We encode the backend type as the ioctl type for backend
3355		 * ioctls.  So parse it out here, and then search for a
3356		 * backend of this type.
3357		 */
3358		type = _IOC_TYPE(cmd);
3359
3360		STAILQ_FOREACH(backend, &softc->be_list, links) {
3361			if (backend->type == type) {
3362				found = 1;
3363				break;
3364			}
3365		}
3366		if (found == 0) {
3367			printf("ctl: unknown ioctl command %#lx or backend "
3368			       "%d\n", cmd, type);
3369			retval = EINVAL;
3370			break;
3371		}
3372		retval = backend->ioctl(dev, cmd, addr, flag, td);
3373#endif
3374		retval = ENOTTY;
3375		break;
3376	}
3377	}
3378	return (retval);
3379}
3380
3381uint32_t
3382ctl_get_initindex(struct ctl_nexus *nexus)
3383{
3384	return (nexus->initid + (nexus->targ_port * CTL_MAX_INIT_PER_PORT));
3385}
3386
3387int
3388ctl_lun_map_init(struct ctl_port *port)
3389{
3390	struct ctl_softc *softc = port->ctl_softc;
3391	struct ctl_lun *lun;
3392	uint32_t i;
3393
3394	if (port->lun_map == NULL)
3395		port->lun_map = malloc(sizeof(uint32_t) * CTL_MAX_LUNS,
3396		    M_CTL, M_NOWAIT);
3397	if (port->lun_map == NULL)
3398		return (ENOMEM);
3399	for (i = 0; i < CTL_MAX_LUNS; i++)
3400		port->lun_map[i] = UINT32_MAX;
3401	if (port->status & CTL_PORT_STATUS_ONLINE) {
3402		if (port->lun_disable != NULL) {
3403			STAILQ_FOREACH(lun, &softc->lun_list, links)
3404				port->lun_disable(port->targ_lun_arg, lun->lun);
3405		}
3406		ctl_isc_announce_port(port);
3407	}
3408	return (0);
3409}
3410
3411int
3412ctl_lun_map_deinit(struct ctl_port *port)
3413{
3414	struct ctl_softc *softc = port->ctl_softc;
3415	struct ctl_lun *lun;
3416
3417	if (port->lun_map == NULL)
3418		return (0);
3419	free(port->lun_map, M_CTL);
3420	port->lun_map = NULL;
3421	if (port->status & CTL_PORT_STATUS_ONLINE) {
3422		if (port->lun_enable != NULL) {
3423			STAILQ_FOREACH(lun, &softc->lun_list, links)
3424				port->lun_enable(port->targ_lun_arg, lun->lun);
3425		}
3426		ctl_isc_announce_port(port);
3427	}
3428	return (0);
3429}
3430
3431int
3432ctl_lun_map_set(struct ctl_port *port, uint32_t plun, uint32_t glun)
3433{
3434	int status;
3435	uint32_t old;
3436
3437	if (port->lun_map == NULL) {
3438		status = ctl_lun_map_init(port);
3439		if (status != 0)
3440			return (status);
3441	}
3442	old = port->lun_map[plun];
3443	port->lun_map[plun] = glun;
3444	if ((port->status & CTL_PORT_STATUS_ONLINE) && old >= CTL_MAX_LUNS) {
3445		if (port->lun_enable != NULL)
3446			port->lun_enable(port->targ_lun_arg, plun);
3447		ctl_isc_announce_port(port);
3448	}
3449	return (0);
3450}
3451
3452int
3453ctl_lun_map_unset(struct ctl_port *port, uint32_t plun)
3454{
3455	uint32_t old;
3456
3457	if (port->lun_map == NULL)
3458		return (0);
3459	old = port->lun_map[plun];
3460	port->lun_map[plun] = UINT32_MAX;
3461	if ((port->status & CTL_PORT_STATUS_ONLINE) && old < CTL_MAX_LUNS) {
3462		if (port->lun_disable != NULL)
3463			port->lun_disable(port->targ_lun_arg, plun);
3464		ctl_isc_announce_port(port);
3465	}
3466	return (0);
3467}
3468
3469uint32_t
3470ctl_lun_map_from_port(struct ctl_port *port, uint32_t lun_id)
3471{
3472
3473	if (port == NULL)
3474		return (UINT32_MAX);
3475	if (port->lun_map == NULL || lun_id >= CTL_MAX_LUNS)
3476		return (lun_id);
3477	return (port->lun_map[lun_id]);
3478}
3479
3480uint32_t
3481ctl_lun_map_to_port(struct ctl_port *port, uint32_t lun_id)
3482{
3483	uint32_t i;
3484
3485	if (port == NULL)
3486		return (UINT32_MAX);
3487	if (port->lun_map == NULL)
3488		return (lun_id);
3489	for (i = 0; i < CTL_MAX_LUNS; i++) {
3490		if (port->lun_map[i] == lun_id)
3491			return (i);
3492	}
3493	return (UINT32_MAX);
3494}
3495
3496static struct ctl_port *
3497ctl_io_port(struct ctl_io_hdr *io_hdr)
3498{
3499
3500	return (control_softc->ctl_ports[io_hdr->nexus.targ_port]);
3501}
3502
3503int
3504ctl_ffz(uint32_t *mask, uint32_t first, uint32_t last)
3505{
3506	int i;
3507
3508	for (i = first; i < last; i++) {
3509		if ((mask[i / 32] & (1 << (i % 32))) == 0)
3510			return (i);
3511	}
3512	return (-1);
3513}
3514
3515int
3516ctl_set_mask(uint32_t *mask, uint32_t bit)
3517{
3518	uint32_t chunk, piece;
3519
3520	chunk = bit >> 5;
3521	piece = bit % (sizeof(uint32_t) * 8);
3522
3523	if ((mask[chunk] & (1 << piece)) != 0)
3524		return (-1);
3525	else
3526		mask[chunk] |= (1 << piece);
3527
3528	return (0);
3529}
3530
3531int
3532ctl_clear_mask(uint32_t *mask, uint32_t bit)
3533{
3534	uint32_t chunk, piece;
3535
3536	chunk = bit >> 5;
3537	piece = bit % (sizeof(uint32_t) * 8);
3538
3539	if ((mask[chunk] & (1 << piece)) == 0)
3540		return (-1);
3541	else
3542		mask[chunk] &= ~(1 << piece);
3543
3544	return (0);
3545}
3546
3547int
3548ctl_is_set(uint32_t *mask, uint32_t bit)
3549{
3550	uint32_t chunk, piece;
3551
3552	chunk = bit >> 5;
3553	piece = bit % (sizeof(uint32_t) * 8);
3554
3555	if ((mask[chunk] & (1 << piece)) == 0)
3556		return (0);
3557	else
3558		return (1);
3559}
3560
3561static uint64_t
3562ctl_get_prkey(struct ctl_lun *lun, uint32_t residx)
3563{
3564	uint64_t *t;
3565
3566	t = lun->pr_keys[residx/CTL_MAX_INIT_PER_PORT];
3567	if (t == NULL)
3568		return (0);
3569	return (t[residx % CTL_MAX_INIT_PER_PORT]);
3570}
3571
3572static void
3573ctl_clr_prkey(struct ctl_lun *lun, uint32_t residx)
3574{
3575	uint64_t *t;
3576
3577	t = lun->pr_keys[residx/CTL_MAX_INIT_PER_PORT];
3578	if (t == NULL)
3579		return;
3580	t[residx % CTL_MAX_INIT_PER_PORT] = 0;
3581}
3582
3583static void
3584ctl_alloc_prkey(struct ctl_lun *lun, uint32_t residx)
3585{
3586	uint64_t *p;
3587	u_int i;
3588
3589	i = residx/CTL_MAX_INIT_PER_PORT;
3590	if (lun->pr_keys[i] != NULL)
3591		return;
3592	mtx_unlock(&lun->lun_lock);
3593	p = malloc(sizeof(uint64_t) * CTL_MAX_INIT_PER_PORT, M_CTL,
3594	    M_WAITOK | M_ZERO);
3595	mtx_lock(&lun->lun_lock);
3596	if (lun->pr_keys[i] == NULL)
3597		lun->pr_keys[i] = p;
3598	else
3599		free(p, M_CTL);
3600}
3601
3602static void
3603ctl_set_prkey(struct ctl_lun *lun, uint32_t residx, uint64_t key)
3604{
3605	uint64_t *t;
3606
3607	t = lun->pr_keys[residx/CTL_MAX_INIT_PER_PORT];
3608	KASSERT(t != NULL, ("prkey %d is not allocated", residx));
3609	t[residx % CTL_MAX_INIT_PER_PORT] = key;
3610}
3611
3612/*
3613 * ctl_softc, pool_name, total_ctl_io are passed in.
3614 * npool is passed out.
3615 */
3616int
3617ctl_pool_create(struct ctl_softc *ctl_softc, const char *pool_name,
3618		uint32_t total_ctl_io, void **npool)
3619{
3620#ifdef IO_POOLS
3621	struct ctl_io_pool *pool;
3622
3623	pool = (struct ctl_io_pool *)malloc(sizeof(*pool), M_CTL,
3624					    M_NOWAIT | M_ZERO);
3625	if (pool == NULL)
3626		return (ENOMEM);
3627
3628	snprintf(pool->name, sizeof(pool->name), "CTL IO %s", pool_name);
3629	pool->ctl_softc = ctl_softc;
3630	pool->zone = uma_zsecond_create(pool->name, NULL,
3631	    NULL, NULL, NULL, ctl_softc->io_zone);
3632	/* uma_prealloc(pool->zone, total_ctl_io); */
3633
3634	*npool = pool;
3635#else
3636	*npool = ctl_softc->io_zone;
3637#endif
3638	return (0);
3639}
3640
3641void
3642ctl_pool_free(struct ctl_io_pool *pool)
3643{
3644
3645	if (pool == NULL)
3646		return;
3647
3648#ifdef IO_POOLS
3649	uma_zdestroy(pool->zone);
3650	free(pool, M_CTL);
3651#endif
3652}
3653
3654union ctl_io *
3655ctl_alloc_io(void *pool_ref)
3656{
3657	union ctl_io *io;
3658#ifdef IO_POOLS
3659	struct ctl_io_pool *pool = (struct ctl_io_pool *)pool_ref;
3660
3661	io = uma_zalloc(pool->zone, M_WAITOK);
3662#else
3663	io = uma_zalloc((uma_zone_t)pool_ref, M_WAITOK);
3664#endif
3665	if (io != NULL)
3666		io->io_hdr.pool = pool_ref;
3667	return (io);
3668}
3669
3670union ctl_io *
3671ctl_alloc_io_nowait(void *pool_ref)
3672{
3673	union ctl_io *io;
3674#ifdef IO_POOLS
3675	struct ctl_io_pool *pool = (struct ctl_io_pool *)pool_ref;
3676
3677	io = uma_zalloc(pool->zone, M_NOWAIT);
3678#else
3679	io = uma_zalloc((uma_zone_t)pool_ref, M_NOWAIT);
3680#endif
3681	if (io != NULL)
3682		io->io_hdr.pool = pool_ref;
3683	return (io);
3684}
3685
3686void
3687ctl_free_io(union ctl_io *io)
3688{
3689#ifdef IO_POOLS
3690	struct ctl_io_pool *pool;
3691#endif
3692
3693	if (io == NULL)
3694		return;
3695
3696#ifdef IO_POOLS
3697	pool = (struct ctl_io_pool *)io->io_hdr.pool;
3698	uma_zfree(pool->zone, io);
3699#else
3700	uma_zfree((uma_zone_t)io->io_hdr.pool, io);
3701#endif
3702}
3703
3704void
3705ctl_zero_io(union ctl_io *io)
3706{
3707	void *pool_ref;
3708
3709	if (io == NULL)
3710		return;
3711
3712	/*
3713	 * May need to preserve linked list pointers at some point too.
3714	 */
3715	pool_ref = io->io_hdr.pool;
3716	memset(io, 0, sizeof(*io));
3717	io->io_hdr.pool = pool_ref;
3718}
3719
3720/*
3721 * This routine is currently used for internal copies of ctl_ios that need
3722 * to persist for some reason after we've already returned status to the
3723 * FETD.  (Thus the flag set.)
3724 *
3725 * XXX XXX
3726 * Note that this makes a blind copy of all fields in the ctl_io, except
3727 * for the pool reference.  This includes any memory that has been
3728 * allocated!  That memory will no longer be valid after done has been
3729 * called, so this would be VERY DANGEROUS for command that actually does
3730 * any reads or writes.  Right now (11/7/2005), this is only used for immediate
3731 * start and stop commands, which don't transfer any data, so this is not a
3732 * problem.  If it is used for anything else, the caller would also need to
3733 * allocate data buffer space and this routine would need to be modified to
3734 * copy the data buffer(s) as well.
3735 */
3736void
3737ctl_copy_io(union ctl_io *src, union ctl_io *dest)
3738{
3739	void *pool_ref;
3740
3741	if ((src == NULL)
3742	 || (dest == NULL))
3743		return;
3744
3745	/*
3746	 * May need to preserve linked list pointers at some point too.
3747	 */
3748	pool_ref = dest->io_hdr.pool;
3749
3750	memcpy(dest, src, MIN(sizeof(*src), sizeof(*dest)));
3751
3752	dest->io_hdr.pool = pool_ref;
3753	/*
3754	 * We need to know that this is an internal copy, and doesn't need
3755	 * to get passed back to the FETD that allocated it.
3756	 */
3757	dest->io_hdr.flags |= CTL_FLAG_INT_COPY;
3758}
3759
3760int
3761ctl_expand_number(const char *buf, uint64_t *num)
3762{
3763	char *endptr;
3764	uint64_t number;
3765	unsigned shift;
3766
3767	number = strtoq(buf, &endptr, 0);
3768
3769	switch (tolower((unsigned char)*endptr)) {
3770	case 'e':
3771		shift = 60;
3772		break;
3773	case 'p':
3774		shift = 50;
3775		break;
3776	case 't':
3777		shift = 40;
3778		break;
3779	case 'g':
3780		shift = 30;
3781		break;
3782	case 'm':
3783		shift = 20;
3784		break;
3785	case 'k':
3786		shift = 10;
3787		break;
3788	case 'b':
3789	case '\0': /* No unit. */
3790		*num = number;
3791		return (0);
3792	default:
3793		/* Unrecognized unit. */
3794		return (-1);
3795	}
3796
3797	if ((number << shift) >> shift != number) {
3798		/* Overflow */
3799		return (-1);
3800	}
3801	*num = number << shift;
3802	return (0);
3803}
3804
3805
3806/*
3807 * This routine could be used in the future to load default and/or saved
3808 * mode page parameters for a particuar lun.
3809 */
3810static int
3811ctl_init_page_index(struct ctl_lun *lun)
3812{
3813	int i;
3814	struct ctl_page_index *page_index;
3815	const char *value;
3816	uint64_t ival;
3817
3818	memcpy(&lun->mode_pages.index, page_index_template,
3819	       sizeof(page_index_template));
3820
3821	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
3822
3823		page_index = &lun->mode_pages.index[i];
3824		if (lun->be_lun->lun_type != T_DIRECT &&
3825		    (page_index->page_flags & CTL_PAGE_FLAG_DISK_ONLY))
3826			continue;
3827
3828		switch (page_index->page_code & SMPH_PC_MASK) {
3829		case SMS_RW_ERROR_RECOVERY_PAGE: {
3830			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
3831				panic("subpage is incorrect!");
3832			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_CURRENT],
3833			       &rw_er_page_default,
3834			       sizeof(rw_er_page_default));
3835			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_CHANGEABLE],
3836			       &rw_er_page_changeable,
3837			       sizeof(rw_er_page_changeable));
3838			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_DEFAULT],
3839			       &rw_er_page_default,
3840			       sizeof(rw_er_page_default));
3841			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_SAVED],
3842			       &rw_er_page_default,
3843			       sizeof(rw_er_page_default));
3844			page_index->page_data =
3845				(uint8_t *)lun->mode_pages.rw_er_page;
3846			break;
3847		}
3848		case SMS_FORMAT_DEVICE_PAGE: {
3849			struct scsi_format_page *format_page;
3850
3851			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
3852				panic("subpage is incorrect!");
3853
3854			/*
3855			 * Sectors per track are set above.  Bytes per
3856			 * sector need to be set here on a per-LUN basis.
3857			 */
3858			memcpy(&lun->mode_pages.format_page[CTL_PAGE_CURRENT],
3859			       &format_page_default,
3860			       sizeof(format_page_default));
3861			memcpy(&lun->mode_pages.format_page[
3862			       CTL_PAGE_CHANGEABLE], &format_page_changeable,
3863			       sizeof(format_page_changeable));
3864			memcpy(&lun->mode_pages.format_page[CTL_PAGE_DEFAULT],
3865			       &format_page_default,
3866			       sizeof(format_page_default));
3867			memcpy(&lun->mode_pages.format_page[CTL_PAGE_SAVED],
3868			       &format_page_default,
3869			       sizeof(format_page_default));
3870
3871			format_page = &lun->mode_pages.format_page[
3872				CTL_PAGE_CURRENT];
3873			scsi_ulto2b(lun->be_lun->blocksize,
3874				    format_page->bytes_per_sector);
3875
3876			format_page = &lun->mode_pages.format_page[
3877				CTL_PAGE_DEFAULT];
3878			scsi_ulto2b(lun->be_lun->blocksize,
3879				    format_page->bytes_per_sector);
3880
3881			format_page = &lun->mode_pages.format_page[
3882				CTL_PAGE_SAVED];
3883			scsi_ulto2b(lun->be_lun->blocksize,
3884				    format_page->bytes_per_sector);
3885
3886			page_index->page_data =
3887				(uint8_t *)lun->mode_pages.format_page;
3888			break;
3889		}
3890		case SMS_RIGID_DISK_PAGE: {
3891			struct scsi_rigid_disk_page *rigid_disk_page;
3892			uint32_t sectors_per_cylinder;
3893			uint64_t cylinders;
3894#ifndef	__XSCALE__
3895			int shift;
3896#endif /* !__XSCALE__ */
3897
3898			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
3899				panic("invalid subpage value %d",
3900				      page_index->subpage);
3901
3902			/*
3903			 * Rotation rate and sectors per track are set
3904			 * above.  We calculate the cylinders here based on
3905			 * capacity.  Due to the number of heads and
3906			 * sectors per track we're using, smaller arrays
3907			 * may turn out to have 0 cylinders.  Linux and
3908			 * FreeBSD don't pay attention to these mode pages
3909			 * to figure out capacity, but Solaris does.  It
3910			 * seems to deal with 0 cylinders just fine, and
3911			 * works out a fake geometry based on the capacity.
3912			 */
3913			memcpy(&lun->mode_pages.rigid_disk_page[
3914			       CTL_PAGE_DEFAULT], &rigid_disk_page_default,
3915			       sizeof(rigid_disk_page_default));
3916			memcpy(&lun->mode_pages.rigid_disk_page[
3917			       CTL_PAGE_CHANGEABLE],&rigid_disk_page_changeable,
3918			       sizeof(rigid_disk_page_changeable));
3919
3920			sectors_per_cylinder = CTL_DEFAULT_SECTORS_PER_TRACK *
3921				CTL_DEFAULT_HEADS;
3922
3923			/*
3924			 * The divide method here will be more accurate,
3925			 * probably, but results in floating point being
3926			 * used in the kernel on i386 (__udivdi3()).  On the
3927			 * XScale, though, __udivdi3() is implemented in
3928			 * software.
3929			 *
3930			 * The shift method for cylinder calculation is
3931			 * accurate if sectors_per_cylinder is a power of
3932			 * 2.  Otherwise it might be slightly off -- you
3933			 * might have a bit of a truncation problem.
3934			 */
3935#ifdef	__XSCALE__
3936			cylinders = (lun->be_lun->maxlba + 1) /
3937				sectors_per_cylinder;
3938#else
3939			for (shift = 31; shift > 0; shift--) {
3940				if (sectors_per_cylinder & (1 << shift))
3941					break;
3942			}
3943			cylinders = (lun->be_lun->maxlba + 1) >> shift;
3944#endif
3945
3946			/*
3947			 * We've basically got 3 bytes, or 24 bits for the
3948			 * cylinder size in the mode page.  If we're over,
3949			 * just round down to 2^24.
3950			 */
3951			if (cylinders > 0xffffff)
3952				cylinders = 0xffffff;
3953
3954			rigid_disk_page = &lun->mode_pages.rigid_disk_page[
3955				CTL_PAGE_DEFAULT];
3956			scsi_ulto3b(cylinders, rigid_disk_page->cylinders);
3957
3958			if ((value = ctl_get_opt(&lun->be_lun->options,
3959			    "rpm")) != NULL) {
3960				scsi_ulto2b(strtol(value, NULL, 0),
3961				     rigid_disk_page->rotation_rate);
3962			}
3963
3964			memcpy(&lun->mode_pages.rigid_disk_page[CTL_PAGE_CURRENT],
3965			       &lun->mode_pages.rigid_disk_page[CTL_PAGE_DEFAULT],
3966			       sizeof(rigid_disk_page_default));
3967			memcpy(&lun->mode_pages.rigid_disk_page[CTL_PAGE_SAVED],
3968			       &lun->mode_pages.rigid_disk_page[CTL_PAGE_DEFAULT],
3969			       sizeof(rigid_disk_page_default));
3970
3971			page_index->page_data =
3972				(uint8_t *)lun->mode_pages.rigid_disk_page;
3973			break;
3974		}
3975		case SMS_CACHING_PAGE: {
3976			struct scsi_caching_page *caching_page;
3977
3978			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
3979				panic("invalid subpage value %d",
3980				      page_index->subpage);
3981			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_DEFAULT],
3982			       &caching_page_default,
3983			       sizeof(caching_page_default));
3984			memcpy(&lun->mode_pages.caching_page[
3985			       CTL_PAGE_CHANGEABLE], &caching_page_changeable,
3986			       sizeof(caching_page_changeable));
3987			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_SAVED],
3988			       &caching_page_default,
3989			       sizeof(caching_page_default));
3990			caching_page = &lun->mode_pages.caching_page[
3991			    CTL_PAGE_SAVED];
3992			value = ctl_get_opt(&lun->be_lun->options, "writecache");
3993			if (value != NULL && strcmp(value, "off") == 0)
3994				caching_page->flags1 &= ~SCP_WCE;
3995			value = ctl_get_opt(&lun->be_lun->options, "readcache");
3996			if (value != NULL && strcmp(value, "off") == 0)
3997				caching_page->flags1 |= SCP_RCD;
3998			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_CURRENT],
3999			       &lun->mode_pages.caching_page[CTL_PAGE_SAVED],
4000			       sizeof(caching_page_default));
4001			page_index->page_data =
4002				(uint8_t *)lun->mode_pages.caching_page;
4003			break;
4004		}
4005		case SMS_CONTROL_MODE_PAGE: {
4006			switch (page_index->subpage) {
4007			case SMS_SUBPAGE_PAGE_0: {
4008				struct scsi_control_page *control_page;
4009
4010				memcpy(&lun->mode_pages.control_page[
4011				    CTL_PAGE_DEFAULT],
4012				       &control_page_default,
4013				       sizeof(control_page_default));
4014				memcpy(&lun->mode_pages.control_page[
4015				    CTL_PAGE_CHANGEABLE],
4016				       &control_page_changeable,
4017				       sizeof(control_page_changeable));
4018				memcpy(&lun->mode_pages.control_page[
4019				    CTL_PAGE_SAVED],
4020				       &control_page_default,
4021				       sizeof(control_page_default));
4022				control_page = &lun->mode_pages.control_page[
4023				    CTL_PAGE_SAVED];
4024				value = ctl_get_opt(&lun->be_lun->options,
4025				    "reordering");
4026				if (value != NULL &&
4027				    strcmp(value, "unrestricted") == 0) {
4028					control_page->queue_flags &=
4029					    ~SCP_QUEUE_ALG_MASK;
4030					control_page->queue_flags |=
4031					    SCP_QUEUE_ALG_UNRESTRICTED;
4032				}
4033				memcpy(&lun->mode_pages.control_page[
4034				    CTL_PAGE_CURRENT],
4035				       &lun->mode_pages.control_page[
4036				    CTL_PAGE_SAVED],
4037				       sizeof(control_page_default));
4038				page_index->page_data =
4039				    (uint8_t *)lun->mode_pages.control_page;
4040				break;
4041			}
4042			case 0x01:
4043				memcpy(&lun->mode_pages.control_ext_page[
4044				    CTL_PAGE_DEFAULT],
4045				       &control_ext_page_default,
4046				       sizeof(control_ext_page_default));
4047				memcpy(&lun->mode_pages.control_ext_page[
4048				    CTL_PAGE_CHANGEABLE],
4049				       &control_ext_page_changeable,
4050				       sizeof(control_ext_page_changeable));
4051				memcpy(&lun->mode_pages.control_ext_page[
4052				    CTL_PAGE_SAVED],
4053				       &control_ext_page_default,
4054				       sizeof(control_ext_page_default));
4055				memcpy(&lun->mode_pages.control_ext_page[
4056				    CTL_PAGE_CURRENT],
4057				       &lun->mode_pages.control_ext_page[
4058				    CTL_PAGE_SAVED],
4059				       sizeof(control_ext_page_default));
4060				page_index->page_data =
4061				    (uint8_t *)lun->mode_pages.control_ext_page;
4062				break;
4063			}
4064			break;
4065		}
4066		case SMS_INFO_EXCEPTIONS_PAGE: {
4067			switch (page_index->subpage) {
4068			case SMS_SUBPAGE_PAGE_0:
4069				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_CURRENT],
4070				       &ie_page_default,
4071				       sizeof(ie_page_default));
4072				memcpy(&lun->mode_pages.ie_page[
4073				       CTL_PAGE_CHANGEABLE], &ie_page_changeable,
4074				       sizeof(ie_page_changeable));
4075				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_DEFAULT],
4076				       &ie_page_default,
4077				       sizeof(ie_page_default));
4078				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_SAVED],
4079				       &ie_page_default,
4080				       sizeof(ie_page_default));
4081				page_index->page_data =
4082					(uint8_t *)lun->mode_pages.ie_page;
4083				break;
4084			case 0x02: {
4085				struct ctl_logical_block_provisioning_page *page;
4086
4087				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_DEFAULT],
4088				       &lbp_page_default,
4089				       sizeof(lbp_page_default));
4090				memcpy(&lun->mode_pages.lbp_page[
4091				       CTL_PAGE_CHANGEABLE], &lbp_page_changeable,
4092				       sizeof(lbp_page_changeable));
4093				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_SAVED],
4094				       &lbp_page_default,
4095				       sizeof(lbp_page_default));
4096				page = &lun->mode_pages.lbp_page[CTL_PAGE_SAVED];
4097				value = ctl_get_opt(&lun->be_lun->options,
4098				    "avail-threshold");
4099				if (value != NULL &&
4100				    ctl_expand_number(value, &ival) == 0) {
4101					page->descr[0].flags |= SLBPPD_ENABLED |
4102					    SLBPPD_ARMING_DEC;
4103					if (lun->be_lun->blocksize)
4104						ival /= lun->be_lun->blocksize;
4105					else
4106						ival /= 512;
4107					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
4108					    page->descr[0].count);
4109				}
4110				value = ctl_get_opt(&lun->be_lun->options,
4111				    "used-threshold");
4112				if (value != NULL &&
4113				    ctl_expand_number(value, &ival) == 0) {
4114					page->descr[1].flags |= SLBPPD_ENABLED |
4115					    SLBPPD_ARMING_INC;
4116					if (lun->be_lun->blocksize)
4117						ival /= lun->be_lun->blocksize;
4118					else
4119						ival /= 512;
4120					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
4121					    page->descr[1].count);
4122				}
4123				value = ctl_get_opt(&lun->be_lun->options,
4124				    "pool-avail-threshold");
4125				if (value != NULL &&
4126				    ctl_expand_number(value, &ival) == 0) {
4127					page->descr[2].flags |= SLBPPD_ENABLED |
4128					    SLBPPD_ARMING_DEC;
4129					if (lun->be_lun->blocksize)
4130						ival /= lun->be_lun->blocksize;
4131					else
4132						ival /= 512;
4133					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
4134					    page->descr[2].count);
4135				}
4136				value = ctl_get_opt(&lun->be_lun->options,
4137				    "pool-used-threshold");
4138				if (value != NULL &&
4139				    ctl_expand_number(value, &ival) == 0) {
4140					page->descr[3].flags |= SLBPPD_ENABLED |
4141					    SLBPPD_ARMING_INC;
4142					if (lun->be_lun->blocksize)
4143						ival /= lun->be_lun->blocksize;
4144					else
4145						ival /= 512;
4146					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
4147					    page->descr[3].count);
4148				}
4149				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_CURRENT],
4150				       &lun->mode_pages.lbp_page[CTL_PAGE_SAVED],
4151				       sizeof(lbp_page_default));
4152				page_index->page_data =
4153					(uint8_t *)lun->mode_pages.lbp_page;
4154			}}
4155			break;
4156		}
4157		case SMS_VENDOR_SPECIFIC_PAGE:{
4158			switch (page_index->subpage) {
4159			case DBGCNF_SUBPAGE_CODE: {
4160				memcpy(&lun->mode_pages.debugconf_subpage[
4161				       CTL_PAGE_CURRENT],
4162				       &debugconf_page_default,
4163				       sizeof(debugconf_page_default));
4164				memcpy(&lun->mode_pages.debugconf_subpage[
4165				       CTL_PAGE_CHANGEABLE],
4166				       &debugconf_page_changeable,
4167				       sizeof(debugconf_page_changeable));
4168				memcpy(&lun->mode_pages.debugconf_subpage[
4169				       CTL_PAGE_DEFAULT],
4170				       &debugconf_page_default,
4171				       sizeof(debugconf_page_default));
4172				memcpy(&lun->mode_pages.debugconf_subpage[
4173				       CTL_PAGE_SAVED],
4174				       &debugconf_page_default,
4175				       sizeof(debugconf_page_default));
4176				page_index->page_data =
4177				    (uint8_t *)lun->mode_pages.debugconf_subpage;
4178				break;
4179			}
4180			default:
4181				panic("invalid subpage value %d",
4182				      page_index->subpage);
4183				break;
4184			}
4185   			break;
4186		}
4187		default:
4188			panic("invalid page value %d",
4189			      page_index->page_code & SMPH_PC_MASK);
4190			break;
4191    	}
4192	}
4193
4194	return (CTL_RETVAL_COMPLETE);
4195}
4196
4197static int
4198ctl_init_log_page_index(struct ctl_lun *lun)
4199{
4200	struct ctl_page_index *page_index;
4201	int i, j, k, prev;
4202
4203	memcpy(&lun->log_pages.index, log_page_index_template,
4204	       sizeof(log_page_index_template));
4205
4206	prev = -1;
4207	for (i = 0, j = 0, k = 0; i < CTL_NUM_LOG_PAGES; i++) {
4208
4209		page_index = &lun->log_pages.index[i];
4210		if (lun->be_lun->lun_type != T_DIRECT &&
4211		    (page_index->page_flags & CTL_PAGE_FLAG_DISK_ONLY))
4212			continue;
4213
4214		if (page_index->page_code == SLS_LOGICAL_BLOCK_PROVISIONING &&
4215		    lun->backend->lun_attr == NULL)
4216			continue;
4217
4218		if (page_index->page_code != prev) {
4219			lun->log_pages.pages_page[j] = page_index->page_code;
4220			prev = page_index->page_code;
4221			j++;
4222		}
4223		lun->log_pages.subpages_page[k*2] = page_index->page_code;
4224		lun->log_pages.subpages_page[k*2+1] = page_index->subpage;
4225		k++;
4226	}
4227	lun->log_pages.index[0].page_data = &lun->log_pages.pages_page[0];
4228	lun->log_pages.index[0].page_len = j;
4229	lun->log_pages.index[1].page_data = &lun->log_pages.subpages_page[0];
4230	lun->log_pages.index[1].page_len = k * 2;
4231	lun->log_pages.index[2].page_data = &lun->log_pages.lbp_page[0];
4232	lun->log_pages.index[2].page_len = 12*CTL_NUM_LBP_PARAMS;
4233	lun->log_pages.index[3].page_data = (uint8_t *)&lun->log_pages.stat_page;
4234	lun->log_pages.index[3].page_len = sizeof(lun->log_pages.stat_page);
4235
4236	return (CTL_RETVAL_COMPLETE);
4237}
4238
4239static int
4240hex2bin(const char *str, uint8_t *buf, int buf_size)
4241{
4242	int i;
4243	u_char c;
4244
4245	memset(buf, 0, buf_size);
4246	while (isspace(str[0]))
4247		str++;
4248	if (str[0] == '0' && (str[1] == 'x' || str[1] == 'X'))
4249		str += 2;
4250	buf_size *= 2;
4251	for (i = 0; str[i] != 0 && i < buf_size; i++) {
4252		c = str[i];
4253		if (isdigit(c))
4254			c -= '0';
4255		else if (isalpha(c))
4256			c -= isupper(c) ? 'A' - 10 : 'a' - 10;
4257		else
4258			break;
4259		if (c >= 16)
4260			break;
4261		if ((i & 1) == 0)
4262			buf[i / 2] |= (c << 4);
4263		else
4264			buf[i / 2] |= c;
4265	}
4266	return ((i + 1) / 2);
4267}
4268
4269/*
4270 * LUN allocation.
4271 *
4272 * Requirements:
4273 * - caller allocates and zeros LUN storage, or passes in a NULL LUN if he
4274 *   wants us to allocate the LUN and he can block.
4275 * - ctl_softc is always set
4276 * - be_lun is set if the LUN has a backend (needed for disk LUNs)
4277 *
4278 * Returns 0 for success, non-zero (errno) for failure.
4279 */
4280static int
4281ctl_alloc_lun(struct ctl_softc *ctl_softc, struct ctl_lun *ctl_lun,
4282	      struct ctl_be_lun *const be_lun)
4283{
4284	struct ctl_lun *nlun, *lun;
4285	struct scsi_vpd_id_descriptor *desc;
4286	struct scsi_vpd_id_t10 *t10id;
4287	const char *eui, *naa, *scsiname, *vendor;
4288	int lun_number, i, lun_malloced;
4289	int devidlen, idlen1, idlen2 = 0, len;
4290
4291	if (be_lun == NULL)
4292		return (EINVAL);
4293
4294	/*
4295	 * We currently only support Direct Access or Processor LUN types.
4296	 */
4297	switch (be_lun->lun_type) {
4298	case T_DIRECT:
4299		break;
4300	case T_PROCESSOR:
4301		break;
4302	case T_SEQUENTIAL:
4303	case T_CHANGER:
4304	default:
4305		be_lun->lun_config_status(be_lun->be_lun,
4306					  CTL_LUN_CONFIG_FAILURE);
4307		break;
4308	}
4309	if (ctl_lun == NULL) {
4310		lun = malloc(sizeof(*lun), M_CTL, M_WAITOK);
4311		lun_malloced = 1;
4312	} else {
4313		lun_malloced = 0;
4314		lun = ctl_lun;
4315	}
4316
4317	memset(lun, 0, sizeof(*lun));
4318	if (lun_malloced)
4319		lun->flags = CTL_LUN_MALLOCED;
4320
4321	/* Generate LUN ID. */
4322	devidlen = max(CTL_DEVID_MIN_LEN,
4323	    strnlen(be_lun->device_id, CTL_DEVID_LEN));
4324	idlen1 = sizeof(*t10id) + devidlen;
4325	len = sizeof(struct scsi_vpd_id_descriptor) + idlen1;
4326	scsiname = ctl_get_opt(&be_lun->options, "scsiname");
4327	if (scsiname != NULL) {
4328		idlen2 = roundup2(strlen(scsiname) + 1, 4);
4329		len += sizeof(struct scsi_vpd_id_descriptor) + idlen2;
4330	}
4331	eui = ctl_get_opt(&be_lun->options, "eui");
4332	if (eui != NULL) {
4333		len += sizeof(struct scsi_vpd_id_descriptor) + 16;
4334	}
4335	naa = ctl_get_opt(&be_lun->options, "naa");
4336	if (naa != NULL) {
4337		len += sizeof(struct scsi_vpd_id_descriptor) + 16;
4338	}
4339	lun->lun_devid = malloc(sizeof(struct ctl_devid) + len,
4340	    M_CTL, M_WAITOK | M_ZERO);
4341	desc = (struct scsi_vpd_id_descriptor *)lun->lun_devid->data;
4342	desc->proto_codeset = SVPD_ID_CODESET_ASCII;
4343	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN | SVPD_ID_TYPE_T10;
4344	desc->length = idlen1;
4345	t10id = (struct scsi_vpd_id_t10 *)&desc->identifier[0];
4346	memset(t10id->vendor, ' ', sizeof(t10id->vendor));
4347	if ((vendor = ctl_get_opt(&be_lun->options, "vendor")) == NULL) {
4348		strncpy((char *)t10id->vendor, CTL_VENDOR, sizeof(t10id->vendor));
4349	} else {
4350		strncpy(t10id->vendor, vendor,
4351		    min(sizeof(t10id->vendor), strlen(vendor)));
4352	}
4353	strncpy((char *)t10id->vendor_spec_id,
4354	    (char *)be_lun->device_id, devidlen);
4355	if (scsiname != NULL) {
4356		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4357		    desc->length);
4358		desc->proto_codeset = SVPD_ID_CODESET_UTF8;
4359		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4360		    SVPD_ID_TYPE_SCSI_NAME;
4361		desc->length = idlen2;
4362		strlcpy(desc->identifier, scsiname, idlen2);
4363	}
4364	if (eui != NULL) {
4365		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4366		    desc->length);
4367		desc->proto_codeset = SVPD_ID_CODESET_BINARY;
4368		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4369		    SVPD_ID_TYPE_EUI64;
4370		desc->length = hex2bin(eui, desc->identifier, 16);
4371		desc->length = desc->length > 12 ? 16 :
4372		    (desc->length > 8 ? 12 : 8);
4373		len -= 16 - desc->length;
4374	}
4375	if (naa != NULL) {
4376		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4377		    desc->length);
4378		desc->proto_codeset = SVPD_ID_CODESET_BINARY;
4379		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4380		    SVPD_ID_TYPE_NAA;
4381		desc->length = hex2bin(naa, desc->identifier, 16);
4382		desc->length = desc->length > 8 ? 16 : 8;
4383		len -= 16 - desc->length;
4384	}
4385	lun->lun_devid->len = len;
4386
4387	mtx_lock(&ctl_softc->ctl_lock);
4388	/*
4389	 * See if the caller requested a particular LUN number.  If so, see
4390	 * if it is available.  Otherwise, allocate the first available LUN.
4391	 */
4392	if (be_lun->flags & CTL_LUN_FLAG_ID_REQ) {
4393		if ((be_lun->req_lun_id > (CTL_MAX_LUNS - 1))
4394		 || (ctl_is_set(ctl_softc->ctl_lun_mask, be_lun->req_lun_id))) {
4395			mtx_unlock(&ctl_softc->ctl_lock);
4396			if (be_lun->req_lun_id > (CTL_MAX_LUNS - 1)) {
4397				printf("ctl: requested LUN ID %d is higher "
4398				       "than CTL_MAX_LUNS - 1 (%d)\n",
4399				       be_lun->req_lun_id, CTL_MAX_LUNS - 1);
4400			} else {
4401				/*
4402				 * XXX KDM return an error, or just assign
4403				 * another LUN ID in this case??
4404				 */
4405				printf("ctl: requested LUN ID %d is already "
4406				       "in use\n", be_lun->req_lun_id);
4407			}
4408			if (lun->flags & CTL_LUN_MALLOCED)
4409				free(lun, M_CTL);
4410			be_lun->lun_config_status(be_lun->be_lun,
4411						  CTL_LUN_CONFIG_FAILURE);
4412			return (ENOSPC);
4413		}
4414		lun_number = be_lun->req_lun_id;
4415	} else {
4416		lun_number = ctl_ffz(ctl_softc->ctl_lun_mask, 0, CTL_MAX_LUNS);
4417		if (lun_number == -1) {
4418			mtx_unlock(&ctl_softc->ctl_lock);
4419			printf("ctl: can't allocate LUN, out of LUNs\n");
4420			if (lun->flags & CTL_LUN_MALLOCED)
4421				free(lun, M_CTL);
4422			be_lun->lun_config_status(be_lun->be_lun,
4423						  CTL_LUN_CONFIG_FAILURE);
4424			return (ENOSPC);
4425		}
4426	}
4427	ctl_set_mask(ctl_softc->ctl_lun_mask, lun_number);
4428
4429	mtx_init(&lun->lun_lock, "CTL LUN", NULL, MTX_DEF);
4430	lun->lun = lun_number;
4431	lun->be_lun = be_lun;
4432	/*
4433	 * The processor LUN is always enabled.  Disk LUNs come on line
4434	 * disabled, and must be enabled by the backend.
4435	 */
4436	lun->flags |= CTL_LUN_DISABLED;
4437	lun->backend = be_lun->be;
4438	be_lun->ctl_lun = lun;
4439	be_lun->lun_id = lun_number;
4440	atomic_add_int(&be_lun->be->num_luns, 1);
4441	if (be_lun->flags & CTL_LUN_FLAG_OFFLINE)
4442		lun->flags |= CTL_LUN_OFFLINE;
4443
4444	if (be_lun->flags & CTL_LUN_FLAG_POWERED_OFF)
4445		lun->flags |= CTL_LUN_STOPPED;
4446
4447	if (be_lun->flags & CTL_LUN_FLAG_INOPERABLE)
4448		lun->flags |= CTL_LUN_INOPERABLE;
4449
4450	if (be_lun->flags & CTL_LUN_FLAG_PRIMARY)
4451		lun->flags |= CTL_LUN_PRIMARY_SC;
4452
4453	lun->ctl_softc = ctl_softc;
4454#ifdef CTL_TIME_IO
4455	lun->last_busy = getsbinuptime();
4456#endif
4457	TAILQ_INIT(&lun->ooa_queue);
4458	TAILQ_INIT(&lun->blocked_queue);
4459	STAILQ_INIT(&lun->error_list);
4460	ctl_tpc_lun_init(lun);
4461
4462	/*
4463	 * Initialize the mode and log page index.
4464	 */
4465	ctl_init_page_index(lun);
4466	ctl_init_log_page_index(lun);
4467
4468	/*
4469	 * Now, before we insert this lun on the lun list, set the lun
4470	 * inventory changed UA for all other luns.
4471	 */
4472	STAILQ_FOREACH(nlun, &ctl_softc->lun_list, links) {
4473		mtx_lock(&nlun->lun_lock);
4474		ctl_est_ua_all(nlun, -1, CTL_UA_LUN_CHANGE);
4475		mtx_unlock(&nlun->lun_lock);
4476	}
4477
4478	STAILQ_INSERT_TAIL(&ctl_softc->lun_list, lun, links);
4479
4480	ctl_softc->ctl_luns[lun_number] = lun;
4481
4482	ctl_softc->num_luns++;
4483
4484	/* Setup statistics gathering */
4485	lun->stats.device_type = be_lun->lun_type;
4486	lun->stats.lun_number = lun_number;
4487	lun->stats.blocksize = be_lun->blocksize;
4488	if (be_lun->blocksize == 0)
4489		lun->stats.flags = CTL_LUN_STATS_NO_BLOCKSIZE;
4490	for (i = 0;i < CTL_MAX_PORTS;i++)
4491		lun->stats.ports[i].targ_port = i;
4492
4493	mtx_unlock(&ctl_softc->ctl_lock);
4494
4495	lun->be_lun->lun_config_status(lun->be_lun->be_lun, CTL_LUN_CONFIG_OK);
4496	return (0);
4497}
4498
4499/*
4500 * Delete a LUN.
4501 * Assumptions:
4502 * - LUN has already been marked invalid and any pending I/O has been taken
4503 *   care of.
4504 */
4505static int
4506ctl_free_lun(struct ctl_lun *lun)
4507{
4508	struct ctl_softc *softc;
4509	struct ctl_lun *nlun;
4510	int i;
4511
4512	softc = lun->ctl_softc;
4513
4514	mtx_assert(&softc->ctl_lock, MA_OWNED);
4515
4516	STAILQ_REMOVE(&softc->lun_list, lun, ctl_lun, links);
4517
4518	ctl_clear_mask(softc->ctl_lun_mask, lun->lun);
4519
4520	softc->ctl_luns[lun->lun] = NULL;
4521
4522	if (!TAILQ_EMPTY(&lun->ooa_queue))
4523		panic("Freeing a LUN %p with outstanding I/O!!\n", lun);
4524
4525	softc->num_luns--;
4526
4527	/*
4528	 * Tell the backend to free resources, if this LUN has a backend.
4529	 */
4530	atomic_subtract_int(&lun->be_lun->be->num_luns, 1);
4531	lun->be_lun->lun_shutdown(lun->be_lun->be_lun);
4532
4533	ctl_tpc_lun_shutdown(lun);
4534	mtx_destroy(&lun->lun_lock);
4535	free(lun->lun_devid, M_CTL);
4536	for (i = 0; i < CTL_MAX_PORTS; i++)
4537		free(lun->pending_ua[i], M_CTL);
4538	for (i = 0; i < CTL_MAX_PORTS; i++)
4539		free(lun->pr_keys[i], M_CTL);
4540	free(lun->write_buffer, M_CTL);
4541	if (lun->flags & CTL_LUN_MALLOCED)
4542		free(lun, M_CTL);
4543
4544	STAILQ_FOREACH(nlun, &softc->lun_list, links) {
4545		mtx_lock(&nlun->lun_lock);
4546		ctl_est_ua_all(nlun, -1, CTL_UA_LUN_CHANGE);
4547		mtx_unlock(&nlun->lun_lock);
4548	}
4549
4550	return (0);
4551}
4552
4553static void
4554ctl_create_lun(struct ctl_be_lun *be_lun)
4555{
4556
4557	/*
4558	 * ctl_alloc_lun() should handle all potential failure cases.
4559	 */
4560	ctl_alloc_lun(control_softc, NULL, be_lun);
4561}
4562
4563int
4564ctl_add_lun(struct ctl_be_lun *be_lun)
4565{
4566	struct ctl_softc *softc = control_softc;
4567
4568	mtx_lock(&softc->ctl_lock);
4569	STAILQ_INSERT_TAIL(&softc->pending_lun_queue, be_lun, links);
4570	mtx_unlock(&softc->ctl_lock);
4571	wakeup(&softc->pending_lun_queue);
4572
4573	return (0);
4574}
4575
4576int
4577ctl_enable_lun(struct ctl_be_lun *be_lun)
4578{
4579	struct ctl_softc *softc;
4580	struct ctl_port *port, *nport;
4581	struct ctl_lun *lun;
4582	int retval;
4583
4584	lun = (struct ctl_lun *)be_lun->ctl_lun;
4585	softc = lun->ctl_softc;
4586
4587	mtx_lock(&softc->ctl_lock);
4588	mtx_lock(&lun->lun_lock);
4589	if ((lun->flags & CTL_LUN_DISABLED) == 0) {
4590		/*
4591		 * eh?  Why did we get called if the LUN is already
4592		 * enabled?
4593		 */
4594		mtx_unlock(&lun->lun_lock);
4595		mtx_unlock(&softc->ctl_lock);
4596		return (0);
4597	}
4598	lun->flags &= ~CTL_LUN_DISABLED;
4599	mtx_unlock(&lun->lun_lock);
4600
4601	for (port = STAILQ_FIRST(&softc->port_list); port != NULL; port = nport) {
4602		nport = STAILQ_NEXT(port, links);
4603		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0 ||
4604		    port->lun_map != NULL || port->lun_enable == NULL)
4605			continue;
4606
4607		/*
4608		 * Drop the lock while we call the FETD's enable routine.
4609		 * This can lead to a callback into CTL (at least in the
4610		 * case of the internal initiator frontend.
4611		 */
4612		mtx_unlock(&softc->ctl_lock);
4613		retval = port->lun_enable(port->targ_lun_arg, lun->lun);
4614		mtx_lock(&softc->ctl_lock);
4615		if (retval != 0) {
4616			printf("%s: FETD %s port %d returned error "
4617			       "%d for lun_enable on lun %jd\n",
4618			       __func__, port->port_name, port->targ_port,
4619			       retval, (intmax_t)lun->lun);
4620		}
4621	}
4622
4623	mtx_unlock(&softc->ctl_lock);
4624	ctl_isc_announce_lun(lun);
4625
4626	return (0);
4627}
4628
4629int
4630ctl_disable_lun(struct ctl_be_lun *be_lun)
4631{
4632	struct ctl_softc *softc;
4633	struct ctl_port *port;
4634	struct ctl_lun *lun;
4635	int retval;
4636
4637	lun = (struct ctl_lun *)be_lun->ctl_lun;
4638	softc = lun->ctl_softc;
4639
4640	mtx_lock(&softc->ctl_lock);
4641	mtx_lock(&lun->lun_lock);
4642	if (lun->flags & CTL_LUN_DISABLED) {
4643		mtx_unlock(&lun->lun_lock);
4644		mtx_unlock(&softc->ctl_lock);
4645		return (0);
4646	}
4647	lun->flags |= CTL_LUN_DISABLED;
4648	mtx_unlock(&lun->lun_lock);
4649
4650	STAILQ_FOREACH(port, &softc->port_list, links) {
4651		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0 ||
4652		    port->lun_map != NULL || port->lun_disable == NULL)
4653			continue;
4654
4655		/*
4656		 * Drop the lock before we call the frontend's disable
4657		 * routine, to avoid lock order reversals.
4658		 *
4659		 * XXX KDM what happens if the frontend list changes while
4660		 * we're traversing it?  It's unlikely, but should be handled.
4661		 */
4662		mtx_unlock(&softc->ctl_lock);
4663		retval = port->lun_disable(port->targ_lun_arg, lun->lun);
4664		mtx_lock(&softc->ctl_lock);
4665		if (retval != 0) {
4666			printf("%s: FETD %s port %d returned error "
4667			       "%d for lun_disable on lun %jd\n",
4668			       __func__, port->port_name, port->targ_port,
4669			       retval, (intmax_t)lun->lun);
4670		}
4671	}
4672
4673	mtx_unlock(&softc->ctl_lock);
4674	ctl_isc_announce_lun(lun);
4675
4676	return (0);
4677}
4678
4679int
4680ctl_start_lun(struct ctl_be_lun *be_lun)
4681{
4682	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4683
4684	mtx_lock(&lun->lun_lock);
4685	lun->flags &= ~CTL_LUN_STOPPED;
4686	mtx_unlock(&lun->lun_lock);
4687	return (0);
4688}
4689
4690int
4691ctl_stop_lun(struct ctl_be_lun *be_lun)
4692{
4693	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4694
4695	mtx_lock(&lun->lun_lock);
4696	lun->flags |= CTL_LUN_STOPPED;
4697	mtx_unlock(&lun->lun_lock);
4698	return (0);
4699}
4700
4701int
4702ctl_lun_offline(struct ctl_be_lun *be_lun)
4703{
4704	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4705
4706	mtx_lock(&lun->lun_lock);
4707	lun->flags |= CTL_LUN_OFFLINE;
4708	mtx_unlock(&lun->lun_lock);
4709	return (0);
4710}
4711
4712int
4713ctl_lun_online(struct ctl_be_lun *be_lun)
4714{
4715	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4716
4717	mtx_lock(&lun->lun_lock);
4718	lun->flags &= ~CTL_LUN_OFFLINE;
4719	mtx_unlock(&lun->lun_lock);
4720	return (0);
4721}
4722
4723int
4724ctl_lun_primary(struct ctl_be_lun *be_lun)
4725{
4726	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4727
4728	mtx_lock(&lun->lun_lock);
4729	lun->flags |= CTL_LUN_PRIMARY_SC;
4730	ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
4731	mtx_unlock(&lun->lun_lock);
4732	ctl_isc_announce_lun(lun);
4733	return (0);
4734}
4735
4736int
4737ctl_lun_secondary(struct ctl_be_lun *be_lun)
4738{
4739	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4740
4741	mtx_lock(&lun->lun_lock);
4742	lun->flags &= ~CTL_LUN_PRIMARY_SC;
4743	ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
4744	mtx_unlock(&lun->lun_lock);
4745	ctl_isc_announce_lun(lun);
4746	return (0);
4747}
4748
4749int
4750ctl_invalidate_lun(struct ctl_be_lun *be_lun)
4751{
4752	struct ctl_softc *softc;
4753	struct ctl_lun *lun;
4754
4755	lun = (struct ctl_lun *)be_lun->ctl_lun;
4756	softc = lun->ctl_softc;
4757
4758	mtx_lock(&lun->lun_lock);
4759
4760	/*
4761	 * The LUN needs to be disabled before it can be marked invalid.
4762	 */
4763	if ((lun->flags & CTL_LUN_DISABLED) == 0) {
4764		mtx_unlock(&lun->lun_lock);
4765		return (-1);
4766	}
4767	/*
4768	 * Mark the LUN invalid.
4769	 */
4770	lun->flags |= CTL_LUN_INVALID;
4771
4772	/*
4773	 * If there is nothing in the OOA queue, go ahead and free the LUN.
4774	 * If we have something in the OOA queue, we'll free it when the
4775	 * last I/O completes.
4776	 */
4777	if (TAILQ_EMPTY(&lun->ooa_queue)) {
4778		mtx_unlock(&lun->lun_lock);
4779		mtx_lock(&softc->ctl_lock);
4780		ctl_free_lun(lun);
4781		mtx_unlock(&softc->ctl_lock);
4782	} else
4783		mtx_unlock(&lun->lun_lock);
4784
4785	return (0);
4786}
4787
4788int
4789ctl_lun_inoperable(struct ctl_be_lun *be_lun)
4790{
4791	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4792
4793	mtx_lock(&lun->lun_lock);
4794	lun->flags |= CTL_LUN_INOPERABLE;
4795	mtx_unlock(&lun->lun_lock);
4796	return (0);
4797}
4798
4799int
4800ctl_lun_operable(struct ctl_be_lun *be_lun)
4801{
4802	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4803
4804	mtx_lock(&lun->lun_lock);
4805	lun->flags &= ~CTL_LUN_INOPERABLE;
4806	mtx_unlock(&lun->lun_lock);
4807	return (0);
4808}
4809
4810void
4811ctl_lun_capacity_changed(struct ctl_be_lun *be_lun)
4812{
4813	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4814	union ctl_ha_msg msg;
4815
4816	mtx_lock(&lun->lun_lock);
4817	ctl_est_ua_all(lun, -1, CTL_UA_CAPACITY_CHANGED);
4818	mtx_unlock(&lun->lun_lock);
4819	if (lun->ctl_softc->ha_mode == CTL_HA_MODE_XFER) {
4820		/* Send msg to other side. */
4821		bzero(&msg.ua, sizeof(msg.ua));
4822		msg.hdr.msg_type = CTL_MSG_UA;
4823		msg.hdr.nexus.initid = -1;
4824		msg.hdr.nexus.targ_port = -1;
4825		msg.hdr.nexus.targ_lun = lun->lun;
4826		msg.hdr.nexus.targ_mapped_lun = lun->lun;
4827		msg.ua.ua_all = 1;
4828		msg.ua.ua_set = 1;
4829		msg.ua.ua_type = CTL_UA_CAPACITY_CHANGED;
4830		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg, sizeof(msg.ua),
4831		    M_WAITOK);
4832	}
4833}
4834
4835/*
4836 * Backend "memory move is complete" callback for requests that never
4837 * make it down to say RAIDCore's configuration code.
4838 */
4839int
4840ctl_config_move_done(union ctl_io *io)
4841{
4842	int retval;
4843
4844	CTL_DEBUG_PRINT(("ctl_config_move_done\n"));
4845	KASSERT(io->io_hdr.io_type == CTL_IO_SCSI,
4846	    ("Config I/O type isn't CTL_IO_SCSI (%d)!", io->io_hdr.io_type));
4847
4848	if ((io->io_hdr.port_status != 0) &&
4849	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
4850	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
4851		/*
4852		 * For hardware error sense keys, the sense key
4853		 * specific value is defined to be a retry count,
4854		 * but we use it to pass back an internal FETD
4855		 * error code.  XXX KDM  Hopefully the FETD is only
4856		 * using 16 bits for an error code, since that's
4857		 * all the space we have in the sks field.
4858		 */
4859		ctl_set_internal_failure(&io->scsiio,
4860					 /*sks_valid*/ 1,
4861					 /*retry_count*/
4862					 io->io_hdr.port_status);
4863	}
4864
4865	if (ctl_debug & CTL_DEBUG_CDB_DATA)
4866		ctl_data_print(io);
4867	if (((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_IN) ||
4868	    ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
4869	     (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS) ||
4870	    ((io->io_hdr.flags & CTL_FLAG_ABORT) != 0)) {
4871		/*
4872		 * XXX KDM just assuming a single pointer here, and not a
4873		 * S/G list.  If we start using S/G lists for config data,
4874		 * we'll need to know how to clean them up here as well.
4875		 */
4876		if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
4877			free(io->scsiio.kern_data_ptr, M_CTL);
4878		ctl_done(io);
4879		retval = CTL_RETVAL_COMPLETE;
4880	} else {
4881		/*
4882		 * XXX KDM now we need to continue data movement.  Some
4883		 * options:
4884		 * - call ctl_scsiio() again?  We don't do this for data
4885		 *   writes, because for those at least we know ahead of
4886		 *   time where the write will go and how long it is.  For
4887		 *   config writes, though, that information is largely
4888		 *   contained within the write itself, thus we need to
4889		 *   parse out the data again.
4890		 *
4891		 * - Call some other function once the data is in?
4892		 */
4893
4894		/*
4895		 * XXX KDM call ctl_scsiio() again for now, and check flag
4896		 * bits to see whether we're allocated or not.
4897		 */
4898		retval = ctl_scsiio(&io->scsiio);
4899	}
4900	return (retval);
4901}
4902
4903/*
4904 * This gets called by a backend driver when it is done with a
4905 * data_submit method.
4906 */
4907void
4908ctl_data_submit_done(union ctl_io *io)
4909{
4910	/*
4911	 * If the IO_CONT flag is set, we need to call the supplied
4912	 * function to continue processing the I/O, instead of completing
4913	 * the I/O just yet.
4914	 *
4915	 * If there is an error, though, we don't want to keep processing.
4916	 * Instead, just send status back to the initiator.
4917	 */
4918	if ((io->io_hdr.flags & CTL_FLAG_IO_CONT) &&
4919	    (io->io_hdr.flags & CTL_FLAG_ABORT) == 0 &&
4920	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
4921	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
4922		io->scsiio.io_cont(io);
4923		return;
4924	}
4925	ctl_done(io);
4926}
4927
4928/*
4929 * This gets called by a backend driver when it is done with a
4930 * configuration write.
4931 */
4932void
4933ctl_config_write_done(union ctl_io *io)
4934{
4935	uint8_t *buf;
4936
4937	/*
4938	 * If the IO_CONT flag is set, we need to call the supplied
4939	 * function to continue processing the I/O, instead of completing
4940	 * the I/O just yet.
4941	 *
4942	 * If there is an error, though, we don't want to keep processing.
4943	 * Instead, just send status back to the initiator.
4944	 */
4945	if ((io->io_hdr.flags & CTL_FLAG_IO_CONT) &&
4946	    (io->io_hdr.flags & CTL_FLAG_ABORT) == 0 &&
4947	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
4948	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
4949		io->scsiio.io_cont(io);
4950		return;
4951	}
4952	/*
4953	 * Since a configuration write can be done for commands that actually
4954	 * have data allocated, like write buffer, and commands that have
4955	 * no data, like start/stop unit, we need to check here.
4956	 */
4957	if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
4958		buf = io->scsiio.kern_data_ptr;
4959	else
4960		buf = NULL;
4961	ctl_done(io);
4962	if (buf)
4963		free(buf, M_CTL);
4964}
4965
4966void
4967ctl_config_read_done(union ctl_io *io)
4968{
4969	uint8_t *buf;
4970
4971	/*
4972	 * If there is some error -- we are done, skip data transfer.
4973	 */
4974	if ((io->io_hdr.flags & CTL_FLAG_ABORT) != 0 ||
4975	    ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
4976	     (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS)) {
4977		if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
4978			buf = io->scsiio.kern_data_ptr;
4979		else
4980			buf = NULL;
4981		ctl_done(io);
4982		if (buf)
4983			free(buf, M_CTL);
4984		return;
4985	}
4986
4987	/*
4988	 * If the IO_CONT flag is set, we need to call the supplied
4989	 * function to continue processing the I/O, instead of completing
4990	 * the I/O just yet.
4991	 */
4992	if (io->io_hdr.flags & CTL_FLAG_IO_CONT) {
4993		io->scsiio.io_cont(io);
4994		return;
4995	}
4996
4997	ctl_datamove(io);
4998}
4999
5000/*
5001 * SCSI release command.
5002 */
5003int
5004ctl_scsi_release(struct ctl_scsiio *ctsio)
5005{
5006	struct ctl_lun *lun;
5007	uint32_t residx;
5008
5009	CTL_DEBUG_PRINT(("ctl_scsi_release\n"));
5010
5011	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5012	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5013
5014	/*
5015	 * XXX KDM right now, we only support LUN reservation.  We don't
5016	 * support 3rd party reservations, or extent reservations, which
5017	 * might actually need the parameter list.  If we've gotten this
5018	 * far, we've got a LUN reservation.  Anything else got kicked out
5019	 * above.  So, according to SPC, ignore the length.
5020	 */
5021
5022	mtx_lock(&lun->lun_lock);
5023
5024	/*
5025	 * According to SPC, it is not an error for an intiator to attempt
5026	 * to release a reservation on a LUN that isn't reserved, or that
5027	 * is reserved by another initiator.  The reservation can only be
5028	 * released, though, by the initiator who made it or by one of
5029	 * several reset type events.
5030	 */
5031	if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx == residx))
5032			lun->flags &= ~CTL_LUN_RESERVED;
5033
5034	mtx_unlock(&lun->lun_lock);
5035
5036	ctl_set_success(ctsio);
5037	ctl_done((union ctl_io *)ctsio);
5038	return (CTL_RETVAL_COMPLETE);
5039}
5040
5041int
5042ctl_scsi_reserve(struct ctl_scsiio *ctsio)
5043{
5044	struct ctl_lun *lun;
5045	uint32_t residx;
5046
5047	CTL_DEBUG_PRINT(("ctl_reserve\n"));
5048
5049	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5050	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5051
5052	/*
5053	 * XXX KDM right now, we only support LUN reservation.  We don't
5054	 * support 3rd party reservations, or extent reservations, which
5055	 * might actually need the parameter list.  If we've gotten this
5056	 * far, we've got a LUN reservation.  Anything else got kicked out
5057	 * above.  So, according to SPC, ignore the length.
5058	 */
5059
5060	mtx_lock(&lun->lun_lock);
5061	if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx != residx)) {
5062		ctl_set_reservation_conflict(ctsio);
5063		goto bailout;
5064	}
5065	lun->flags |= CTL_LUN_RESERVED;
5066	lun->res_idx = residx;
5067	ctl_set_success(ctsio);
5068
5069bailout:
5070	mtx_unlock(&lun->lun_lock);
5071	ctl_done((union ctl_io *)ctsio);
5072	return (CTL_RETVAL_COMPLETE);
5073}
5074
5075int
5076ctl_start_stop(struct ctl_scsiio *ctsio)
5077{
5078	struct scsi_start_stop_unit *cdb;
5079	struct ctl_lun *lun;
5080	int retval;
5081
5082	CTL_DEBUG_PRINT(("ctl_start_stop\n"));
5083
5084	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5085	cdb = (struct scsi_start_stop_unit *)ctsio->cdb;
5086
5087	/*
5088	 * XXX KDM
5089	 * We don't support the immediate bit on a stop unit.  In order to
5090	 * do that, we would need to code up a way to know that a stop is
5091	 * pending, and hold off any new commands until it completes, one
5092	 * way or another.  Then we could accept or reject those commands
5093	 * depending on its status.  We would almost need to do the reverse
5094	 * of what we do below for an immediate start -- return the copy of
5095	 * the ctl_io to the FETD with status to send to the host (and to
5096	 * free the copy!) and then free the original I/O once the stop
5097	 * actually completes.  That way, the OOA queue mechanism can work
5098	 * to block commands that shouldn't proceed.  Another alternative
5099	 * would be to put the copy in the queue in place of the original,
5100	 * and return the original back to the caller.  That could be
5101	 * slightly safer..
5102	 */
5103	if ((cdb->byte2 & SSS_IMMED)
5104	 && ((cdb->how & SSS_START) == 0)) {
5105		ctl_set_invalid_field(ctsio,
5106				      /*sks_valid*/ 1,
5107				      /*command*/ 1,
5108				      /*field*/ 1,
5109				      /*bit_valid*/ 1,
5110				      /*bit*/ 0);
5111		ctl_done((union ctl_io *)ctsio);
5112		return (CTL_RETVAL_COMPLETE);
5113	}
5114
5115	if ((lun->flags & CTL_LUN_PR_RESERVED)
5116	 && ((cdb->how & SSS_START)==0)) {
5117		uint32_t residx;
5118
5119		residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5120		if (ctl_get_prkey(lun, residx) == 0
5121		 || (lun->pr_res_idx!=residx && lun->res_type < 4)) {
5122
5123			ctl_set_reservation_conflict(ctsio);
5124			ctl_done((union ctl_io *)ctsio);
5125			return (CTL_RETVAL_COMPLETE);
5126		}
5127	}
5128
5129	/*
5130	 * If there is no backend on this device, we can't start or stop
5131	 * it.  In theory we shouldn't get any start/stop commands in the
5132	 * first place at this level if the LUN doesn't have a backend.
5133	 * That should get stopped by the command decode code.
5134	 */
5135	if (lun->backend == NULL) {
5136		ctl_set_invalid_opcode(ctsio);
5137		ctl_done((union ctl_io *)ctsio);
5138		return (CTL_RETVAL_COMPLETE);
5139	}
5140
5141	/*
5142	 * In the non-immediate case, we send the request to
5143	 * the backend and return status to the user when
5144	 * it is done.
5145	 *
5146	 * In the immediate case, we allocate a new ctl_io
5147	 * to hold a copy of the request, and send that to
5148	 * the backend.  We then set good status on the
5149	 * user's request and return it immediately.
5150	 */
5151	if (cdb->byte2 & SSS_IMMED) {
5152		union ctl_io *new_io;
5153
5154		new_io = ctl_alloc_io(ctsio->io_hdr.pool);
5155		ctl_copy_io((union ctl_io *)ctsio, new_io);
5156		retval = lun->backend->config_write(new_io);
5157		ctl_set_success(ctsio);
5158		ctl_done((union ctl_io *)ctsio);
5159	} else {
5160		retval = lun->backend->config_write(
5161			(union ctl_io *)ctsio);
5162	}
5163	return (retval);
5164}
5165
5166/*
5167 * We support the SYNCHRONIZE CACHE command (10 and 16 byte versions), but
5168 * we don't really do anything with the LBA and length fields if the user
5169 * passes them in.  Instead we'll just flush out the cache for the entire
5170 * LUN.
5171 */
5172int
5173ctl_sync_cache(struct ctl_scsiio *ctsio)
5174{
5175	struct ctl_lun *lun;
5176	struct ctl_softc *softc;
5177	struct ctl_lba_len_flags *lbalen;
5178	uint64_t starting_lba;
5179	uint32_t block_count;
5180	int retval;
5181	uint8_t byte2;
5182
5183	CTL_DEBUG_PRINT(("ctl_sync_cache\n"));
5184
5185	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5186	softc = lun->ctl_softc;
5187	retval = 0;
5188
5189	switch (ctsio->cdb[0]) {
5190	case SYNCHRONIZE_CACHE: {
5191		struct scsi_sync_cache *cdb;
5192		cdb = (struct scsi_sync_cache *)ctsio->cdb;
5193
5194		starting_lba = scsi_4btoul(cdb->begin_lba);
5195		block_count = scsi_2btoul(cdb->lb_count);
5196		byte2 = cdb->byte2;
5197		break;
5198	}
5199	case SYNCHRONIZE_CACHE_16: {
5200		struct scsi_sync_cache_16 *cdb;
5201		cdb = (struct scsi_sync_cache_16 *)ctsio->cdb;
5202
5203		starting_lba = scsi_8btou64(cdb->begin_lba);
5204		block_count = scsi_4btoul(cdb->lb_count);
5205		byte2 = cdb->byte2;
5206		break;
5207	}
5208	default:
5209		ctl_set_invalid_opcode(ctsio);
5210		ctl_done((union ctl_io *)ctsio);
5211		goto bailout;
5212		break; /* NOTREACHED */
5213	}
5214
5215	/*
5216	 * We check the LBA and length, but don't do anything with them.
5217	 * A SYNCHRONIZE CACHE will cause the entire cache for this lun to
5218	 * get flushed.  This check will just help satisfy anyone who wants
5219	 * to see an error for an out of range LBA.
5220	 */
5221	if ((starting_lba + block_count) > (lun->be_lun->maxlba + 1)) {
5222		ctl_set_lba_out_of_range(ctsio);
5223		ctl_done((union ctl_io *)ctsio);
5224		goto bailout;
5225	}
5226
5227	/*
5228	 * If this LUN has no backend, we can't flush the cache anyway.
5229	 */
5230	if (lun->backend == NULL) {
5231		ctl_set_invalid_opcode(ctsio);
5232		ctl_done((union ctl_io *)ctsio);
5233		goto bailout;
5234	}
5235
5236	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5237	lbalen->lba = starting_lba;
5238	lbalen->len = block_count;
5239	lbalen->flags = byte2;
5240	retval = lun->backend->config_write((union ctl_io *)ctsio);
5241
5242bailout:
5243	return (retval);
5244}
5245
5246int
5247ctl_format(struct ctl_scsiio *ctsio)
5248{
5249	struct scsi_format *cdb;
5250	struct ctl_lun *lun;
5251	int length, defect_list_len;
5252
5253	CTL_DEBUG_PRINT(("ctl_format\n"));
5254
5255	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5256
5257	cdb = (struct scsi_format *)ctsio->cdb;
5258
5259	length = 0;
5260	if (cdb->byte2 & SF_FMTDATA) {
5261		if (cdb->byte2 & SF_LONGLIST)
5262			length = sizeof(struct scsi_format_header_long);
5263		else
5264			length = sizeof(struct scsi_format_header_short);
5265	}
5266
5267	if (((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0)
5268	 && (length > 0)) {
5269		ctsio->kern_data_ptr = malloc(length, M_CTL, M_WAITOK);
5270		ctsio->kern_data_len = length;
5271		ctsio->kern_total_len = length;
5272		ctsio->kern_data_resid = 0;
5273		ctsio->kern_rel_offset = 0;
5274		ctsio->kern_sg_entries = 0;
5275		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5276		ctsio->be_move_done = ctl_config_move_done;
5277		ctl_datamove((union ctl_io *)ctsio);
5278
5279		return (CTL_RETVAL_COMPLETE);
5280	}
5281
5282	defect_list_len = 0;
5283
5284	if (cdb->byte2 & SF_FMTDATA) {
5285		if (cdb->byte2 & SF_LONGLIST) {
5286			struct scsi_format_header_long *header;
5287
5288			header = (struct scsi_format_header_long *)
5289				ctsio->kern_data_ptr;
5290
5291			defect_list_len = scsi_4btoul(header->defect_list_len);
5292			if (defect_list_len != 0) {
5293				ctl_set_invalid_field(ctsio,
5294						      /*sks_valid*/ 1,
5295						      /*command*/ 0,
5296						      /*field*/ 2,
5297						      /*bit_valid*/ 0,
5298						      /*bit*/ 0);
5299				goto bailout;
5300			}
5301		} else {
5302			struct scsi_format_header_short *header;
5303
5304			header = (struct scsi_format_header_short *)
5305				ctsio->kern_data_ptr;
5306
5307			defect_list_len = scsi_2btoul(header->defect_list_len);
5308			if (defect_list_len != 0) {
5309				ctl_set_invalid_field(ctsio,
5310						      /*sks_valid*/ 1,
5311						      /*command*/ 0,
5312						      /*field*/ 2,
5313						      /*bit_valid*/ 0,
5314						      /*bit*/ 0);
5315				goto bailout;
5316			}
5317		}
5318	}
5319
5320	/*
5321	 * The format command will clear out the "Medium format corrupted"
5322	 * status if set by the configuration code.  That status is really
5323	 * just a way to notify the host that we have lost the media, and
5324	 * get them to issue a command that will basically make them think
5325	 * they're blowing away the media.
5326	 */
5327	mtx_lock(&lun->lun_lock);
5328	lun->flags &= ~CTL_LUN_INOPERABLE;
5329	mtx_unlock(&lun->lun_lock);
5330
5331	ctl_set_success(ctsio);
5332bailout:
5333
5334	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5335		free(ctsio->kern_data_ptr, M_CTL);
5336		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5337	}
5338
5339	ctl_done((union ctl_io *)ctsio);
5340	return (CTL_RETVAL_COMPLETE);
5341}
5342
5343int
5344ctl_read_buffer(struct ctl_scsiio *ctsio)
5345{
5346	struct ctl_lun *lun;
5347	uint64_t buffer_offset;
5348	uint32_t len;
5349	uint8_t byte2;
5350	static uint8_t descr[4];
5351	static uint8_t echo_descr[4] = { 0 };
5352
5353	CTL_DEBUG_PRINT(("ctl_read_buffer\n"));
5354	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5355	switch (ctsio->cdb[0]) {
5356	case READ_BUFFER: {
5357		struct scsi_read_buffer *cdb;
5358
5359		cdb = (struct scsi_read_buffer *)ctsio->cdb;
5360		buffer_offset = scsi_3btoul(cdb->offset);
5361		len = scsi_3btoul(cdb->length);
5362		byte2 = cdb->byte2;
5363		break;
5364	}
5365	case READ_BUFFER_16: {
5366		struct scsi_read_buffer_16 *cdb;
5367
5368		cdb = (struct scsi_read_buffer_16 *)ctsio->cdb;
5369		buffer_offset = scsi_8btou64(cdb->offset);
5370		len = scsi_4btoul(cdb->length);
5371		byte2 = cdb->byte2;
5372		break;
5373	}
5374	default: /* This shouldn't happen. */
5375		ctl_set_invalid_opcode(ctsio);
5376		ctl_done((union ctl_io *)ctsio);
5377		return (CTL_RETVAL_COMPLETE);
5378	}
5379
5380	if ((byte2 & RWB_MODE) != RWB_MODE_DATA &&
5381	    (byte2 & RWB_MODE) != RWB_MODE_ECHO_DESCR &&
5382	    (byte2 & RWB_MODE) != RWB_MODE_DESCR) {
5383		ctl_set_invalid_field(ctsio,
5384				      /*sks_valid*/ 1,
5385				      /*command*/ 1,
5386				      /*field*/ 1,
5387				      /*bit_valid*/ 1,
5388				      /*bit*/ 4);
5389		ctl_done((union ctl_io *)ctsio);
5390		return (CTL_RETVAL_COMPLETE);
5391	}
5392
5393	if (buffer_offset > CTL_WRITE_BUFFER_SIZE ||
5394	    buffer_offset + len > CTL_WRITE_BUFFER_SIZE) {
5395		ctl_set_invalid_field(ctsio,
5396				      /*sks_valid*/ 1,
5397				      /*command*/ 1,
5398				      /*field*/ 6,
5399				      /*bit_valid*/ 0,
5400				      /*bit*/ 0);
5401		ctl_done((union ctl_io *)ctsio);
5402		return (CTL_RETVAL_COMPLETE);
5403	}
5404
5405	if ((byte2 & RWB_MODE) == RWB_MODE_DESCR) {
5406		descr[0] = 0;
5407		scsi_ulto3b(CTL_WRITE_BUFFER_SIZE, &descr[1]);
5408		ctsio->kern_data_ptr = descr;
5409		len = min(len, sizeof(descr));
5410	} else if ((byte2 & RWB_MODE) == RWB_MODE_ECHO_DESCR) {
5411		ctsio->kern_data_ptr = echo_descr;
5412		len = min(len, sizeof(echo_descr));
5413	} else {
5414		if (lun->write_buffer == NULL) {
5415			lun->write_buffer = malloc(CTL_WRITE_BUFFER_SIZE,
5416			    M_CTL, M_WAITOK);
5417		}
5418		ctsio->kern_data_ptr = lun->write_buffer + buffer_offset;
5419	}
5420	ctsio->kern_data_len = len;
5421	ctsio->kern_total_len = len;
5422	ctsio->kern_data_resid = 0;
5423	ctsio->kern_rel_offset = 0;
5424	ctsio->kern_sg_entries = 0;
5425	ctl_set_success(ctsio);
5426	ctsio->be_move_done = ctl_config_move_done;
5427	ctl_datamove((union ctl_io *)ctsio);
5428	return (CTL_RETVAL_COMPLETE);
5429}
5430
5431int
5432ctl_write_buffer(struct ctl_scsiio *ctsio)
5433{
5434	struct scsi_write_buffer *cdb;
5435	struct ctl_lun *lun;
5436	int buffer_offset, len;
5437
5438	CTL_DEBUG_PRINT(("ctl_write_buffer\n"));
5439
5440	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5441	cdb = (struct scsi_write_buffer *)ctsio->cdb;
5442
5443	if ((cdb->byte2 & RWB_MODE) != RWB_MODE_DATA) {
5444		ctl_set_invalid_field(ctsio,
5445				      /*sks_valid*/ 1,
5446				      /*command*/ 1,
5447				      /*field*/ 1,
5448				      /*bit_valid*/ 1,
5449				      /*bit*/ 4);
5450		ctl_done((union ctl_io *)ctsio);
5451		return (CTL_RETVAL_COMPLETE);
5452	}
5453
5454	len = scsi_3btoul(cdb->length);
5455	buffer_offset = scsi_3btoul(cdb->offset);
5456
5457	if (buffer_offset + len > CTL_WRITE_BUFFER_SIZE) {
5458		ctl_set_invalid_field(ctsio,
5459				      /*sks_valid*/ 1,
5460				      /*command*/ 1,
5461				      /*field*/ 6,
5462				      /*bit_valid*/ 0,
5463				      /*bit*/ 0);
5464		ctl_done((union ctl_io *)ctsio);
5465		return (CTL_RETVAL_COMPLETE);
5466	}
5467
5468	/*
5469	 * If we've got a kernel request that hasn't been malloced yet,
5470	 * malloc it and tell the caller the data buffer is here.
5471	 */
5472	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5473		if (lun->write_buffer == NULL) {
5474			lun->write_buffer = malloc(CTL_WRITE_BUFFER_SIZE,
5475			    M_CTL, M_WAITOK);
5476		}
5477		ctsio->kern_data_ptr = lun->write_buffer + buffer_offset;
5478		ctsio->kern_data_len = len;
5479		ctsio->kern_total_len = len;
5480		ctsio->kern_data_resid = 0;
5481		ctsio->kern_rel_offset = 0;
5482		ctsio->kern_sg_entries = 0;
5483		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5484		ctsio->be_move_done = ctl_config_move_done;
5485		ctl_datamove((union ctl_io *)ctsio);
5486
5487		return (CTL_RETVAL_COMPLETE);
5488	}
5489
5490	ctl_set_success(ctsio);
5491	ctl_done((union ctl_io *)ctsio);
5492	return (CTL_RETVAL_COMPLETE);
5493}
5494
5495int
5496ctl_write_same(struct ctl_scsiio *ctsio)
5497{
5498	struct ctl_lun *lun;
5499	struct ctl_lba_len_flags *lbalen;
5500	uint64_t lba;
5501	uint32_t num_blocks;
5502	int len, retval;
5503	uint8_t byte2;
5504
5505	CTL_DEBUG_PRINT(("ctl_write_same\n"));
5506
5507	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5508
5509	switch (ctsio->cdb[0]) {
5510	case WRITE_SAME_10: {
5511		struct scsi_write_same_10 *cdb;
5512
5513		cdb = (struct scsi_write_same_10 *)ctsio->cdb;
5514
5515		lba = scsi_4btoul(cdb->addr);
5516		num_blocks = scsi_2btoul(cdb->length);
5517		byte2 = cdb->byte2;
5518		break;
5519	}
5520	case WRITE_SAME_16: {
5521		struct scsi_write_same_16 *cdb;
5522
5523		cdb = (struct scsi_write_same_16 *)ctsio->cdb;
5524
5525		lba = scsi_8btou64(cdb->addr);
5526		num_blocks = scsi_4btoul(cdb->length);
5527		byte2 = cdb->byte2;
5528		break;
5529	}
5530	default:
5531		/*
5532		 * We got a command we don't support.  This shouldn't
5533		 * happen, commands should be filtered out above us.
5534		 */
5535		ctl_set_invalid_opcode(ctsio);
5536		ctl_done((union ctl_io *)ctsio);
5537
5538		return (CTL_RETVAL_COMPLETE);
5539		break; /* NOTREACHED */
5540	}
5541
5542	/* ANCHOR flag can be used only together with UNMAP */
5543	if ((byte2 & SWS_UNMAP) == 0 && (byte2 & SWS_ANCHOR) != 0) {
5544		ctl_set_invalid_field(ctsio, /*sks_valid*/ 1,
5545		    /*command*/ 1, /*field*/ 1, /*bit_valid*/ 1, /*bit*/ 0);
5546		ctl_done((union ctl_io *)ctsio);
5547		return (CTL_RETVAL_COMPLETE);
5548	}
5549
5550	/*
5551	 * The first check is to make sure we're in bounds, the second
5552	 * check is to catch wrap-around problems.  If the lba + num blocks
5553	 * is less than the lba, then we've wrapped around and the block
5554	 * range is invalid anyway.
5555	 */
5556	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
5557	 || ((lba + num_blocks) < lba)) {
5558		ctl_set_lba_out_of_range(ctsio);
5559		ctl_done((union ctl_io *)ctsio);
5560		return (CTL_RETVAL_COMPLETE);
5561	}
5562
5563	/* Zero number of blocks means "to the last logical block" */
5564	if (num_blocks == 0) {
5565		if ((lun->be_lun->maxlba + 1) - lba > UINT32_MAX) {
5566			ctl_set_invalid_field(ctsio,
5567					      /*sks_valid*/ 0,
5568					      /*command*/ 1,
5569					      /*field*/ 0,
5570					      /*bit_valid*/ 0,
5571					      /*bit*/ 0);
5572			ctl_done((union ctl_io *)ctsio);
5573			return (CTL_RETVAL_COMPLETE);
5574		}
5575		num_blocks = (lun->be_lun->maxlba + 1) - lba;
5576	}
5577
5578	len = lun->be_lun->blocksize;
5579
5580	/*
5581	 * If we've got a kernel request that hasn't been malloced yet,
5582	 * malloc it and tell the caller the data buffer is here.
5583	 */
5584	if ((byte2 & SWS_NDOB) == 0 &&
5585	    (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5586		ctsio->kern_data_ptr = malloc(len, M_CTL, M_WAITOK);;
5587		ctsio->kern_data_len = len;
5588		ctsio->kern_total_len = len;
5589		ctsio->kern_data_resid = 0;
5590		ctsio->kern_rel_offset = 0;
5591		ctsio->kern_sg_entries = 0;
5592		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5593		ctsio->be_move_done = ctl_config_move_done;
5594		ctl_datamove((union ctl_io *)ctsio);
5595
5596		return (CTL_RETVAL_COMPLETE);
5597	}
5598
5599	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5600	lbalen->lba = lba;
5601	lbalen->len = num_blocks;
5602	lbalen->flags = byte2;
5603	retval = lun->backend->config_write((union ctl_io *)ctsio);
5604
5605	return (retval);
5606}
5607
5608int
5609ctl_unmap(struct ctl_scsiio *ctsio)
5610{
5611	struct ctl_lun *lun;
5612	struct scsi_unmap *cdb;
5613	struct ctl_ptr_len_flags *ptrlen;
5614	struct scsi_unmap_header *hdr;
5615	struct scsi_unmap_desc *buf, *end, *endnz, *range;
5616	uint64_t lba;
5617	uint32_t num_blocks;
5618	int len, retval;
5619	uint8_t byte2;
5620
5621	CTL_DEBUG_PRINT(("ctl_unmap\n"));
5622
5623	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5624	cdb = (struct scsi_unmap *)ctsio->cdb;
5625
5626	len = scsi_2btoul(cdb->length);
5627	byte2 = cdb->byte2;
5628
5629	/*
5630	 * If we've got a kernel request that hasn't been malloced yet,
5631	 * malloc it and tell the caller the data buffer is here.
5632	 */
5633	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5634		ctsio->kern_data_ptr = malloc(len, M_CTL, M_WAITOK);;
5635		ctsio->kern_data_len = len;
5636		ctsio->kern_total_len = len;
5637		ctsio->kern_data_resid = 0;
5638		ctsio->kern_rel_offset = 0;
5639		ctsio->kern_sg_entries = 0;
5640		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5641		ctsio->be_move_done = ctl_config_move_done;
5642		ctl_datamove((union ctl_io *)ctsio);
5643
5644		return (CTL_RETVAL_COMPLETE);
5645	}
5646
5647	len = ctsio->kern_total_len - ctsio->kern_data_resid;
5648	hdr = (struct scsi_unmap_header *)ctsio->kern_data_ptr;
5649	if (len < sizeof (*hdr) ||
5650	    len < (scsi_2btoul(hdr->length) + sizeof(hdr->length)) ||
5651	    len < (scsi_2btoul(hdr->desc_length) + sizeof (*hdr)) ||
5652	    scsi_2btoul(hdr->desc_length) % sizeof(*buf) != 0) {
5653		ctl_set_invalid_field(ctsio,
5654				      /*sks_valid*/ 0,
5655				      /*command*/ 0,
5656				      /*field*/ 0,
5657				      /*bit_valid*/ 0,
5658				      /*bit*/ 0);
5659		goto done;
5660	}
5661	len = scsi_2btoul(hdr->desc_length);
5662	buf = (struct scsi_unmap_desc *)(hdr + 1);
5663	end = buf + len / sizeof(*buf);
5664
5665	endnz = buf;
5666	for (range = buf; range < end; range++) {
5667		lba = scsi_8btou64(range->lba);
5668		num_blocks = scsi_4btoul(range->length);
5669		if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
5670		 || ((lba + num_blocks) < lba)) {
5671			ctl_set_lba_out_of_range(ctsio);
5672			ctl_done((union ctl_io *)ctsio);
5673			return (CTL_RETVAL_COMPLETE);
5674		}
5675		if (num_blocks != 0)
5676			endnz = range + 1;
5677	}
5678
5679	/*
5680	 * Block backend can not handle zero last range.
5681	 * Filter it out and return if there is nothing left.
5682	 */
5683	len = (uint8_t *)endnz - (uint8_t *)buf;
5684	if (len == 0) {
5685		ctl_set_success(ctsio);
5686		goto done;
5687	}
5688
5689	mtx_lock(&lun->lun_lock);
5690	ptrlen = (struct ctl_ptr_len_flags *)
5691	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5692	ptrlen->ptr = (void *)buf;
5693	ptrlen->len = len;
5694	ptrlen->flags = byte2;
5695	ctl_check_blocked(lun);
5696	mtx_unlock(&lun->lun_lock);
5697
5698	retval = lun->backend->config_write((union ctl_io *)ctsio);
5699	return (retval);
5700
5701done:
5702	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5703		free(ctsio->kern_data_ptr, M_CTL);
5704		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5705	}
5706	ctl_done((union ctl_io *)ctsio);
5707	return (CTL_RETVAL_COMPLETE);
5708}
5709
5710/*
5711 * Note that this function currently doesn't actually do anything inside
5712 * CTL to enforce things if the DQue bit is turned on.
5713 *
5714 * Also note that this function can't be used in the default case, because
5715 * the DQue bit isn't set in the changeable mask for the control mode page
5716 * anyway.  This is just here as an example for how to implement a page
5717 * handler, and a placeholder in case we want to allow the user to turn
5718 * tagged queueing on and off.
5719 *
5720 * The D_SENSE bit handling is functional, however, and will turn
5721 * descriptor sense on and off for a given LUN.
5722 */
5723int
5724ctl_control_page_handler(struct ctl_scsiio *ctsio,
5725			 struct ctl_page_index *page_index, uint8_t *page_ptr)
5726{
5727	struct scsi_control_page *current_cp, *saved_cp, *user_cp;
5728	struct ctl_lun *lun;
5729	int set_ua;
5730	uint32_t initidx;
5731
5732	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5733	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5734	set_ua = 0;
5735
5736	user_cp = (struct scsi_control_page *)page_ptr;
5737	current_cp = (struct scsi_control_page *)
5738		(page_index->page_data + (page_index->page_len *
5739		CTL_PAGE_CURRENT));
5740	saved_cp = (struct scsi_control_page *)
5741		(page_index->page_data + (page_index->page_len *
5742		CTL_PAGE_SAVED));
5743
5744	mtx_lock(&lun->lun_lock);
5745	if (((current_cp->rlec & SCP_DSENSE) == 0)
5746	 && ((user_cp->rlec & SCP_DSENSE) != 0)) {
5747		/*
5748		 * Descriptor sense is currently turned off and the user
5749		 * wants to turn it on.
5750		 */
5751		current_cp->rlec |= SCP_DSENSE;
5752		saved_cp->rlec |= SCP_DSENSE;
5753		lun->flags |= CTL_LUN_SENSE_DESC;
5754		set_ua = 1;
5755	} else if (((current_cp->rlec & SCP_DSENSE) != 0)
5756		&& ((user_cp->rlec & SCP_DSENSE) == 0)) {
5757		/*
5758		 * Descriptor sense is currently turned on, and the user
5759		 * wants to turn it off.
5760		 */
5761		current_cp->rlec &= ~SCP_DSENSE;
5762		saved_cp->rlec &= ~SCP_DSENSE;
5763		lun->flags &= ~CTL_LUN_SENSE_DESC;
5764		set_ua = 1;
5765	}
5766	if ((current_cp->queue_flags & SCP_QUEUE_ALG_MASK) !=
5767	    (user_cp->queue_flags & SCP_QUEUE_ALG_MASK)) {
5768		current_cp->queue_flags &= ~SCP_QUEUE_ALG_MASK;
5769		current_cp->queue_flags |= user_cp->queue_flags & SCP_QUEUE_ALG_MASK;
5770		saved_cp->queue_flags &= ~SCP_QUEUE_ALG_MASK;
5771		saved_cp->queue_flags |= user_cp->queue_flags & SCP_QUEUE_ALG_MASK;
5772		set_ua = 1;
5773	}
5774	if ((current_cp->eca_and_aen & SCP_SWP) !=
5775	    (user_cp->eca_and_aen & SCP_SWP)) {
5776		current_cp->eca_and_aen &= ~SCP_SWP;
5777		current_cp->eca_and_aen |= user_cp->eca_and_aen & SCP_SWP;
5778		saved_cp->eca_and_aen &= ~SCP_SWP;
5779		saved_cp->eca_and_aen |= user_cp->eca_and_aen & SCP_SWP;
5780		set_ua = 1;
5781	}
5782	if (set_ua != 0)
5783		ctl_est_ua_all(lun, initidx, CTL_UA_MODE_CHANGE);
5784	mtx_unlock(&lun->lun_lock);
5785	if (set_ua) {
5786		ctl_isc_announce_mode(lun,
5787		    ctl_get_initindex(&ctsio->io_hdr.nexus),
5788		    page_index->page_code, page_index->subpage);
5789	}
5790	return (0);
5791}
5792
5793int
5794ctl_caching_sp_handler(struct ctl_scsiio *ctsio,
5795		     struct ctl_page_index *page_index, uint8_t *page_ptr)
5796{
5797	struct scsi_caching_page *current_cp, *saved_cp, *user_cp;
5798	struct ctl_lun *lun;
5799	int set_ua;
5800	uint32_t initidx;
5801
5802	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5803	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5804	set_ua = 0;
5805
5806	user_cp = (struct scsi_caching_page *)page_ptr;
5807	current_cp = (struct scsi_caching_page *)
5808		(page_index->page_data + (page_index->page_len *
5809		CTL_PAGE_CURRENT));
5810	saved_cp = (struct scsi_caching_page *)
5811		(page_index->page_data + (page_index->page_len *
5812		CTL_PAGE_SAVED));
5813
5814	mtx_lock(&lun->lun_lock);
5815	if ((current_cp->flags1 & (SCP_WCE | SCP_RCD)) !=
5816	    (user_cp->flags1 & (SCP_WCE | SCP_RCD))) {
5817		current_cp->flags1 &= ~(SCP_WCE | SCP_RCD);
5818		current_cp->flags1 |= user_cp->flags1 & (SCP_WCE | SCP_RCD);
5819		saved_cp->flags1 &= ~(SCP_WCE | SCP_RCD);
5820		saved_cp->flags1 |= user_cp->flags1 & (SCP_WCE | SCP_RCD);
5821		set_ua = 1;
5822	}
5823	if (set_ua != 0)
5824		ctl_est_ua_all(lun, initidx, CTL_UA_MODE_CHANGE);
5825	mtx_unlock(&lun->lun_lock);
5826	if (set_ua) {
5827		ctl_isc_announce_mode(lun,
5828		    ctl_get_initindex(&ctsio->io_hdr.nexus),
5829		    page_index->page_code, page_index->subpage);
5830	}
5831	return (0);
5832}
5833
5834int
5835ctl_debugconf_sp_select_handler(struct ctl_scsiio *ctsio,
5836				struct ctl_page_index *page_index,
5837				uint8_t *page_ptr)
5838{
5839	uint8_t *c;
5840	int i;
5841
5842	c = ((struct copan_debugconf_subpage *)page_ptr)->ctl_time_io_secs;
5843	ctl_time_io_secs =
5844		(c[0] << 8) |
5845		(c[1] << 0) |
5846		0;
5847	CTL_DEBUG_PRINT(("set ctl_time_io_secs to %d\n", ctl_time_io_secs));
5848	printf("set ctl_time_io_secs to %d\n", ctl_time_io_secs);
5849	printf("page data:");
5850	for (i=0; i<8; i++)
5851		printf(" %.2x",page_ptr[i]);
5852	printf("\n");
5853	return (0);
5854}
5855
5856int
5857ctl_debugconf_sp_sense_handler(struct ctl_scsiio *ctsio,
5858			       struct ctl_page_index *page_index,
5859			       int pc)
5860{
5861	struct copan_debugconf_subpage *page;
5862
5863	page = (struct copan_debugconf_subpage *)page_index->page_data +
5864		(page_index->page_len * pc);
5865
5866	switch (pc) {
5867	case SMS_PAGE_CTRL_CHANGEABLE >> 6:
5868	case SMS_PAGE_CTRL_DEFAULT >> 6:
5869	case SMS_PAGE_CTRL_SAVED >> 6:
5870		/*
5871		 * We don't update the changable or default bits for this page.
5872		 */
5873		break;
5874	case SMS_PAGE_CTRL_CURRENT >> 6:
5875		page->ctl_time_io_secs[0] = ctl_time_io_secs >> 8;
5876		page->ctl_time_io_secs[1] = ctl_time_io_secs >> 0;
5877		break;
5878	default:
5879		break;
5880	}
5881	return (0);
5882}
5883
5884
5885static int
5886ctl_do_mode_select(union ctl_io *io)
5887{
5888	struct scsi_mode_page_header *page_header;
5889	struct ctl_page_index *page_index;
5890	struct ctl_scsiio *ctsio;
5891	int page_len, page_len_offset, page_len_size;
5892	union ctl_modepage_info *modepage_info;
5893	struct ctl_lun *lun;
5894	int *len_left, *len_used;
5895	int retval, i;
5896
5897	ctsio = &io->scsiio;
5898	page_index = NULL;
5899	page_len = 0;
5900	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5901
5902	modepage_info = (union ctl_modepage_info *)
5903		ctsio->io_hdr.ctl_private[CTL_PRIV_MODEPAGE].bytes;
5904	len_left = &modepage_info->header.len_left;
5905	len_used = &modepage_info->header.len_used;
5906
5907do_next_page:
5908
5909	page_header = (struct scsi_mode_page_header *)
5910		(ctsio->kern_data_ptr + *len_used);
5911
5912	if (*len_left == 0) {
5913		free(ctsio->kern_data_ptr, M_CTL);
5914		ctl_set_success(ctsio);
5915		ctl_done((union ctl_io *)ctsio);
5916		return (CTL_RETVAL_COMPLETE);
5917	} else if (*len_left < sizeof(struct scsi_mode_page_header)) {
5918
5919		free(ctsio->kern_data_ptr, M_CTL);
5920		ctl_set_param_len_error(ctsio);
5921		ctl_done((union ctl_io *)ctsio);
5922		return (CTL_RETVAL_COMPLETE);
5923
5924	} else if ((page_header->page_code & SMPH_SPF)
5925		&& (*len_left < sizeof(struct scsi_mode_page_header_sp))) {
5926
5927		free(ctsio->kern_data_ptr, M_CTL);
5928		ctl_set_param_len_error(ctsio);
5929		ctl_done((union ctl_io *)ctsio);
5930		return (CTL_RETVAL_COMPLETE);
5931	}
5932
5933
5934	/*
5935	 * XXX KDM should we do something with the block descriptor?
5936	 */
5937	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
5938
5939		if (lun->be_lun->lun_type != T_DIRECT &&
5940		    (lun->mode_pages.index[i].page_flags &
5941		     CTL_PAGE_FLAG_DISK_ONLY))
5942			continue;
5943
5944		if ((lun->mode_pages.index[i].page_code & SMPH_PC_MASK) !=
5945		    (page_header->page_code & SMPH_PC_MASK))
5946			continue;
5947
5948		/*
5949		 * If neither page has a subpage code, then we've got a
5950		 * match.
5951		 */
5952		if (((lun->mode_pages.index[i].page_code & SMPH_SPF) == 0)
5953		 && ((page_header->page_code & SMPH_SPF) == 0)) {
5954			page_index = &lun->mode_pages.index[i];
5955			page_len = page_header->page_length;
5956			break;
5957		}
5958
5959		/*
5960		 * If both pages have subpages, then the subpage numbers
5961		 * have to match.
5962		 */
5963		if ((lun->mode_pages.index[i].page_code & SMPH_SPF)
5964		  && (page_header->page_code & SMPH_SPF)) {
5965			struct scsi_mode_page_header_sp *sph;
5966
5967			sph = (struct scsi_mode_page_header_sp *)page_header;
5968
5969			if (lun->mode_pages.index[i].subpage ==
5970			    sph->subpage) {
5971				page_index = &lun->mode_pages.index[i];
5972				page_len = scsi_2btoul(sph->page_length);
5973				break;
5974			}
5975		}
5976	}
5977
5978	/*
5979	 * If we couldn't find the page, or if we don't have a mode select
5980	 * handler for it, send back an error to the user.
5981	 */
5982	if ((page_index == NULL)
5983	 || (page_index->select_handler == NULL)) {
5984		ctl_set_invalid_field(ctsio,
5985				      /*sks_valid*/ 1,
5986				      /*command*/ 0,
5987				      /*field*/ *len_used,
5988				      /*bit_valid*/ 0,
5989				      /*bit*/ 0);
5990		free(ctsio->kern_data_ptr, M_CTL);
5991		ctl_done((union ctl_io *)ctsio);
5992		return (CTL_RETVAL_COMPLETE);
5993	}
5994
5995	if (page_index->page_code & SMPH_SPF) {
5996		page_len_offset = 2;
5997		page_len_size = 2;
5998	} else {
5999		page_len_size = 1;
6000		page_len_offset = 1;
6001	}
6002
6003	/*
6004	 * If the length the initiator gives us isn't the one we specify in
6005	 * the mode page header, or if they didn't specify enough data in
6006	 * the CDB to avoid truncating this page, kick out the request.
6007	 */
6008	if ((page_len != (page_index->page_len - page_len_offset -
6009			  page_len_size))
6010	 || (*len_left < page_index->page_len)) {
6011
6012
6013		ctl_set_invalid_field(ctsio,
6014				      /*sks_valid*/ 1,
6015				      /*command*/ 0,
6016				      /*field*/ *len_used + page_len_offset,
6017				      /*bit_valid*/ 0,
6018				      /*bit*/ 0);
6019		free(ctsio->kern_data_ptr, M_CTL);
6020		ctl_done((union ctl_io *)ctsio);
6021		return (CTL_RETVAL_COMPLETE);
6022	}
6023
6024	/*
6025	 * Run through the mode page, checking to make sure that the bits
6026	 * the user changed are actually legal for him to change.
6027	 */
6028	for (i = 0; i < page_index->page_len; i++) {
6029		uint8_t *user_byte, *change_mask, *current_byte;
6030		int bad_bit;
6031		int j;
6032
6033		user_byte = (uint8_t *)page_header + i;
6034		change_mask = page_index->page_data +
6035			      (page_index->page_len * CTL_PAGE_CHANGEABLE) + i;
6036		current_byte = page_index->page_data +
6037			       (page_index->page_len * CTL_PAGE_CURRENT) + i;
6038
6039		/*
6040		 * Check to see whether the user set any bits in this byte
6041		 * that he is not allowed to set.
6042		 */
6043		if ((*user_byte & ~(*change_mask)) ==
6044		    (*current_byte & ~(*change_mask)))
6045			continue;
6046
6047		/*
6048		 * Go through bit by bit to determine which one is illegal.
6049		 */
6050		bad_bit = 0;
6051		for (j = 7; j >= 0; j--) {
6052			if ((((1 << i) & ~(*change_mask)) & *user_byte) !=
6053			    (((1 << i) & ~(*change_mask)) & *current_byte)) {
6054				bad_bit = i;
6055				break;
6056			}
6057		}
6058		ctl_set_invalid_field(ctsio,
6059				      /*sks_valid*/ 1,
6060				      /*command*/ 0,
6061				      /*field*/ *len_used + i,
6062				      /*bit_valid*/ 1,
6063				      /*bit*/ bad_bit);
6064		free(ctsio->kern_data_ptr, M_CTL);
6065		ctl_done((union ctl_io *)ctsio);
6066		return (CTL_RETVAL_COMPLETE);
6067	}
6068
6069	/*
6070	 * Decrement these before we call the page handler, since we may
6071	 * end up getting called back one way or another before the handler
6072	 * returns to this context.
6073	 */
6074	*len_left -= page_index->page_len;
6075	*len_used += page_index->page_len;
6076
6077	retval = page_index->select_handler(ctsio, page_index,
6078					    (uint8_t *)page_header);
6079
6080	/*
6081	 * If the page handler returns CTL_RETVAL_QUEUED, then we need to
6082	 * wait until this queued command completes to finish processing
6083	 * the mode page.  If it returns anything other than
6084	 * CTL_RETVAL_COMPLETE (e.g. CTL_RETVAL_ERROR), then it should have
6085	 * already set the sense information, freed the data pointer, and
6086	 * completed the io for us.
6087	 */
6088	if (retval != CTL_RETVAL_COMPLETE)
6089		goto bailout_no_done;
6090
6091	/*
6092	 * If the initiator sent us more than one page, parse the next one.
6093	 */
6094	if (*len_left > 0)
6095		goto do_next_page;
6096
6097	ctl_set_success(ctsio);
6098	free(ctsio->kern_data_ptr, M_CTL);
6099	ctl_done((union ctl_io *)ctsio);
6100
6101bailout_no_done:
6102
6103	return (CTL_RETVAL_COMPLETE);
6104
6105}
6106
6107int
6108ctl_mode_select(struct ctl_scsiio *ctsio)
6109{
6110	int param_len, pf, sp;
6111	int header_size, bd_len;
6112	union ctl_modepage_info *modepage_info;
6113
6114	switch (ctsio->cdb[0]) {
6115	case MODE_SELECT_6: {
6116		struct scsi_mode_select_6 *cdb;
6117
6118		cdb = (struct scsi_mode_select_6 *)ctsio->cdb;
6119
6120		pf = (cdb->byte2 & SMS_PF) ? 1 : 0;
6121		sp = (cdb->byte2 & SMS_SP) ? 1 : 0;
6122		param_len = cdb->length;
6123		header_size = sizeof(struct scsi_mode_header_6);
6124		break;
6125	}
6126	case MODE_SELECT_10: {
6127		struct scsi_mode_select_10 *cdb;
6128
6129		cdb = (struct scsi_mode_select_10 *)ctsio->cdb;
6130
6131		pf = (cdb->byte2 & SMS_PF) ? 1 : 0;
6132		sp = (cdb->byte2 & SMS_SP) ? 1 : 0;
6133		param_len = scsi_2btoul(cdb->length);
6134		header_size = sizeof(struct scsi_mode_header_10);
6135		break;
6136	}
6137	default:
6138		ctl_set_invalid_opcode(ctsio);
6139		ctl_done((union ctl_io *)ctsio);
6140		return (CTL_RETVAL_COMPLETE);
6141	}
6142
6143	/*
6144	 * From SPC-3:
6145	 * "A parameter list length of zero indicates that the Data-Out Buffer
6146	 * shall be empty. This condition shall not be considered as an error."
6147	 */
6148	if (param_len == 0) {
6149		ctl_set_success(ctsio);
6150		ctl_done((union ctl_io *)ctsio);
6151		return (CTL_RETVAL_COMPLETE);
6152	}
6153
6154	/*
6155	 * Since we'll hit this the first time through, prior to
6156	 * allocation, we don't need to free a data buffer here.
6157	 */
6158	if (param_len < header_size) {
6159		ctl_set_param_len_error(ctsio);
6160		ctl_done((union ctl_io *)ctsio);
6161		return (CTL_RETVAL_COMPLETE);
6162	}
6163
6164	/*
6165	 * Allocate the data buffer and grab the user's data.  In theory,
6166	 * we shouldn't have to sanity check the parameter list length here
6167	 * because the maximum size is 64K.  We should be able to malloc
6168	 * that much without too many problems.
6169	 */
6170	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
6171		ctsio->kern_data_ptr = malloc(param_len, M_CTL, M_WAITOK);
6172		ctsio->kern_data_len = param_len;
6173		ctsio->kern_total_len = param_len;
6174		ctsio->kern_data_resid = 0;
6175		ctsio->kern_rel_offset = 0;
6176		ctsio->kern_sg_entries = 0;
6177		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6178		ctsio->be_move_done = ctl_config_move_done;
6179		ctl_datamove((union ctl_io *)ctsio);
6180
6181		return (CTL_RETVAL_COMPLETE);
6182	}
6183
6184	switch (ctsio->cdb[0]) {
6185	case MODE_SELECT_6: {
6186		struct scsi_mode_header_6 *mh6;
6187
6188		mh6 = (struct scsi_mode_header_6 *)ctsio->kern_data_ptr;
6189		bd_len = mh6->blk_desc_len;
6190		break;
6191	}
6192	case MODE_SELECT_10: {
6193		struct scsi_mode_header_10 *mh10;
6194
6195		mh10 = (struct scsi_mode_header_10 *)ctsio->kern_data_ptr;
6196		bd_len = scsi_2btoul(mh10->blk_desc_len);
6197		break;
6198	}
6199	default:
6200		panic("Invalid CDB type %#x", ctsio->cdb[0]);
6201		break;
6202	}
6203
6204	if (param_len < (header_size + bd_len)) {
6205		free(ctsio->kern_data_ptr, M_CTL);
6206		ctl_set_param_len_error(ctsio);
6207		ctl_done((union ctl_io *)ctsio);
6208		return (CTL_RETVAL_COMPLETE);
6209	}
6210
6211	/*
6212	 * Set the IO_CONT flag, so that if this I/O gets passed to
6213	 * ctl_config_write_done(), it'll get passed back to
6214	 * ctl_do_mode_select() for further processing, or completion if
6215	 * we're all done.
6216	 */
6217	ctsio->io_hdr.flags |= CTL_FLAG_IO_CONT;
6218	ctsio->io_cont = ctl_do_mode_select;
6219
6220	modepage_info = (union ctl_modepage_info *)
6221		ctsio->io_hdr.ctl_private[CTL_PRIV_MODEPAGE].bytes;
6222	memset(modepage_info, 0, sizeof(*modepage_info));
6223	modepage_info->header.len_left = param_len - header_size - bd_len;
6224	modepage_info->header.len_used = header_size + bd_len;
6225
6226	return (ctl_do_mode_select((union ctl_io *)ctsio));
6227}
6228
6229int
6230ctl_mode_sense(struct ctl_scsiio *ctsio)
6231{
6232	struct ctl_lun *lun;
6233	int pc, page_code, dbd, llba, subpage;
6234	int alloc_len, page_len, header_len, total_len;
6235	struct scsi_mode_block_descr *block_desc;
6236	struct ctl_page_index *page_index;
6237
6238	dbd = 0;
6239	llba = 0;
6240	block_desc = NULL;
6241	page_index = NULL;
6242
6243	CTL_DEBUG_PRINT(("ctl_mode_sense\n"));
6244
6245	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6246	switch (ctsio->cdb[0]) {
6247	case MODE_SENSE_6: {
6248		struct scsi_mode_sense_6 *cdb;
6249
6250		cdb = (struct scsi_mode_sense_6 *)ctsio->cdb;
6251
6252		header_len = sizeof(struct scsi_mode_hdr_6);
6253		if (cdb->byte2 & SMS_DBD)
6254			dbd = 1;
6255		else
6256			header_len += sizeof(struct scsi_mode_block_descr);
6257
6258		pc = (cdb->page & SMS_PAGE_CTRL_MASK) >> 6;
6259		page_code = cdb->page & SMS_PAGE_CODE;
6260		subpage = cdb->subpage;
6261		alloc_len = cdb->length;
6262		break;
6263	}
6264	case MODE_SENSE_10: {
6265		struct scsi_mode_sense_10 *cdb;
6266
6267		cdb = (struct scsi_mode_sense_10 *)ctsio->cdb;
6268
6269		header_len = sizeof(struct scsi_mode_hdr_10);
6270
6271		if (cdb->byte2 & SMS_DBD)
6272			dbd = 1;
6273		else
6274			header_len += sizeof(struct scsi_mode_block_descr);
6275		if (cdb->byte2 & SMS10_LLBAA)
6276			llba = 1;
6277		pc = (cdb->page & SMS_PAGE_CTRL_MASK) >> 6;
6278		page_code = cdb->page & SMS_PAGE_CODE;
6279		subpage = cdb->subpage;
6280		alloc_len = scsi_2btoul(cdb->length);
6281		break;
6282	}
6283	default:
6284		ctl_set_invalid_opcode(ctsio);
6285		ctl_done((union ctl_io *)ctsio);
6286		return (CTL_RETVAL_COMPLETE);
6287		break; /* NOTREACHED */
6288	}
6289
6290	/*
6291	 * We have to make a first pass through to calculate the size of
6292	 * the pages that match the user's query.  Then we allocate enough
6293	 * memory to hold it, and actually copy the data into the buffer.
6294	 */
6295	switch (page_code) {
6296	case SMS_ALL_PAGES_PAGE: {
6297		int i;
6298
6299		page_len = 0;
6300
6301		/*
6302		 * At the moment, values other than 0 and 0xff here are
6303		 * reserved according to SPC-3.
6304		 */
6305		if ((subpage != SMS_SUBPAGE_PAGE_0)
6306		 && (subpage != SMS_SUBPAGE_ALL)) {
6307			ctl_set_invalid_field(ctsio,
6308					      /*sks_valid*/ 1,
6309					      /*command*/ 1,
6310					      /*field*/ 3,
6311					      /*bit_valid*/ 0,
6312					      /*bit*/ 0);
6313			ctl_done((union ctl_io *)ctsio);
6314			return (CTL_RETVAL_COMPLETE);
6315		}
6316
6317		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6318			if (lun->be_lun->lun_type != T_DIRECT &&
6319			    (lun->mode_pages.index[i].page_flags &
6320			     CTL_PAGE_FLAG_DISK_ONLY))
6321				continue;
6322
6323			/*
6324			 * We don't use this subpage if the user didn't
6325			 * request all subpages.
6326			 */
6327			if ((lun->mode_pages.index[i].subpage != 0)
6328			 && (subpage == SMS_SUBPAGE_PAGE_0))
6329				continue;
6330
6331#if 0
6332			printf("found page %#x len %d\n",
6333			       lun->mode_pages.index[i].page_code &
6334			       SMPH_PC_MASK,
6335			       lun->mode_pages.index[i].page_len);
6336#endif
6337			page_len += lun->mode_pages.index[i].page_len;
6338		}
6339		break;
6340	}
6341	default: {
6342		int i;
6343
6344		page_len = 0;
6345
6346		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6347			/* Look for the right page code */
6348			if ((lun->mode_pages.index[i].page_code &
6349			     SMPH_PC_MASK) != page_code)
6350				continue;
6351
6352			/* Look for the right subpage or the subpage wildcard*/
6353			if ((lun->mode_pages.index[i].subpage != subpage)
6354			 && (subpage != SMS_SUBPAGE_ALL))
6355				continue;
6356
6357			/* Make sure the page is supported for this dev type */
6358			if (lun->be_lun->lun_type != T_DIRECT &&
6359			    (lun->mode_pages.index[i].page_flags &
6360			     CTL_PAGE_FLAG_DISK_ONLY))
6361				continue;
6362
6363#if 0
6364			printf("found page %#x len %d\n",
6365			       lun->mode_pages.index[i].page_code &
6366			       SMPH_PC_MASK,
6367			       lun->mode_pages.index[i].page_len);
6368#endif
6369
6370			page_len += lun->mode_pages.index[i].page_len;
6371		}
6372
6373		if (page_len == 0) {
6374			ctl_set_invalid_field(ctsio,
6375					      /*sks_valid*/ 1,
6376					      /*command*/ 1,
6377					      /*field*/ 2,
6378					      /*bit_valid*/ 1,
6379					      /*bit*/ 5);
6380			ctl_done((union ctl_io *)ctsio);
6381			return (CTL_RETVAL_COMPLETE);
6382		}
6383		break;
6384	}
6385	}
6386
6387	total_len = header_len + page_len;
6388#if 0
6389	printf("header_len = %d, page_len = %d, total_len = %d\n",
6390	       header_len, page_len, total_len);
6391#endif
6392
6393	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
6394	ctsio->kern_sg_entries = 0;
6395	ctsio->kern_data_resid = 0;
6396	ctsio->kern_rel_offset = 0;
6397	if (total_len < alloc_len) {
6398		ctsio->residual = alloc_len - total_len;
6399		ctsio->kern_data_len = total_len;
6400		ctsio->kern_total_len = total_len;
6401	} else {
6402		ctsio->residual = 0;
6403		ctsio->kern_data_len = alloc_len;
6404		ctsio->kern_total_len = alloc_len;
6405	}
6406
6407	switch (ctsio->cdb[0]) {
6408	case MODE_SENSE_6: {
6409		struct scsi_mode_hdr_6 *header;
6410
6411		header = (struct scsi_mode_hdr_6 *)ctsio->kern_data_ptr;
6412
6413		header->datalen = MIN(total_len - 1, 254);
6414		if (lun->be_lun->lun_type == T_DIRECT) {
6415			header->dev_specific = 0x10; /* DPOFUA */
6416			if ((lun->be_lun->flags & CTL_LUN_FLAG_READONLY) ||
6417			    (lun->mode_pages.control_page[CTL_PAGE_CURRENT]
6418			    .eca_and_aen & SCP_SWP) != 0)
6419				    header->dev_specific |= 0x80; /* WP */
6420		}
6421		if (dbd)
6422			header->block_descr_len = 0;
6423		else
6424			header->block_descr_len =
6425				sizeof(struct scsi_mode_block_descr);
6426		block_desc = (struct scsi_mode_block_descr *)&header[1];
6427		break;
6428	}
6429	case MODE_SENSE_10: {
6430		struct scsi_mode_hdr_10 *header;
6431		int datalen;
6432
6433		header = (struct scsi_mode_hdr_10 *)ctsio->kern_data_ptr;
6434
6435		datalen = MIN(total_len - 2, 65533);
6436		scsi_ulto2b(datalen, header->datalen);
6437		if (lun->be_lun->lun_type == T_DIRECT) {
6438			header->dev_specific = 0x10; /* DPOFUA */
6439			if ((lun->be_lun->flags & CTL_LUN_FLAG_READONLY) ||
6440			    (lun->mode_pages.control_page[CTL_PAGE_CURRENT]
6441			    .eca_and_aen & SCP_SWP) != 0)
6442				    header->dev_specific |= 0x80; /* WP */
6443		}
6444		if (dbd)
6445			scsi_ulto2b(0, header->block_descr_len);
6446		else
6447			scsi_ulto2b(sizeof(struct scsi_mode_block_descr),
6448				    header->block_descr_len);
6449		block_desc = (struct scsi_mode_block_descr *)&header[1];
6450		break;
6451	}
6452	default:
6453		panic("invalid CDB type %#x", ctsio->cdb[0]);
6454		break; /* NOTREACHED */
6455	}
6456
6457	/*
6458	 * If we've got a disk, use its blocksize in the block
6459	 * descriptor.  Otherwise, just set it to 0.
6460	 */
6461	if (dbd == 0) {
6462		if (lun->be_lun->lun_type == T_DIRECT)
6463			scsi_ulto3b(lun->be_lun->blocksize,
6464				    block_desc->block_len);
6465		else
6466			scsi_ulto3b(0, block_desc->block_len);
6467	}
6468
6469	switch (page_code) {
6470	case SMS_ALL_PAGES_PAGE: {
6471		int i, data_used;
6472
6473		data_used = header_len;
6474		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6475			struct ctl_page_index *page_index;
6476
6477			page_index = &lun->mode_pages.index[i];
6478
6479			if (lun->be_lun->lun_type != T_DIRECT &&
6480			    (page_index->page_flags & CTL_PAGE_FLAG_DISK_ONLY))
6481				continue;
6482
6483			/*
6484			 * We don't use this subpage if the user didn't
6485			 * request all subpages.  We already checked (above)
6486			 * to make sure the user only specified a subpage
6487			 * of 0 or 0xff in the SMS_ALL_PAGES_PAGE case.
6488			 */
6489			if ((page_index->subpage != 0)
6490			 && (subpage == SMS_SUBPAGE_PAGE_0))
6491				continue;
6492
6493			/*
6494			 * Call the handler, if it exists, to update the
6495			 * page to the latest values.
6496			 */
6497			if (page_index->sense_handler != NULL)
6498				page_index->sense_handler(ctsio, page_index,pc);
6499
6500			memcpy(ctsio->kern_data_ptr + data_used,
6501			       page_index->page_data +
6502			       (page_index->page_len * pc),
6503			       page_index->page_len);
6504			data_used += page_index->page_len;
6505		}
6506		break;
6507	}
6508	default: {
6509		int i, data_used;
6510
6511		data_used = header_len;
6512
6513		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6514			struct ctl_page_index *page_index;
6515
6516			page_index = &lun->mode_pages.index[i];
6517
6518			/* Look for the right page code */
6519			if ((page_index->page_code & SMPH_PC_MASK) != page_code)
6520				continue;
6521
6522			/* Look for the right subpage or the subpage wildcard*/
6523			if ((page_index->subpage != subpage)
6524			 && (subpage != SMS_SUBPAGE_ALL))
6525				continue;
6526
6527			/* Make sure the page is supported for this dev type */
6528			if (lun->be_lun->lun_type != T_DIRECT &&
6529			    (page_index->page_flags & CTL_PAGE_FLAG_DISK_ONLY))
6530				continue;
6531
6532			/*
6533			 * Call the handler, if it exists, to update the
6534			 * page to the latest values.
6535			 */
6536			if (page_index->sense_handler != NULL)
6537				page_index->sense_handler(ctsio, page_index,pc);
6538
6539			memcpy(ctsio->kern_data_ptr + data_used,
6540			       page_index->page_data +
6541			       (page_index->page_len * pc),
6542			       page_index->page_len);
6543			data_used += page_index->page_len;
6544		}
6545		break;
6546	}
6547	}
6548
6549	ctl_set_success(ctsio);
6550	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6551	ctsio->be_move_done = ctl_config_move_done;
6552	ctl_datamove((union ctl_io *)ctsio);
6553	return (CTL_RETVAL_COMPLETE);
6554}
6555
6556int
6557ctl_lbp_log_sense_handler(struct ctl_scsiio *ctsio,
6558			       struct ctl_page_index *page_index,
6559			       int pc)
6560{
6561	struct ctl_lun *lun;
6562	struct scsi_log_param_header *phdr;
6563	uint8_t *data;
6564	uint64_t val;
6565
6566	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6567	data = page_index->page_data;
6568
6569	if (lun->backend->lun_attr != NULL &&
6570	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "blocksavail"))
6571	     != UINT64_MAX) {
6572		phdr = (struct scsi_log_param_header *)data;
6573		scsi_ulto2b(0x0001, phdr->param_code);
6574		phdr->param_control = SLP_LBIN | SLP_LP;
6575		phdr->param_len = 8;
6576		data = (uint8_t *)(phdr + 1);
6577		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6578		data[4] = 0x02; /* per-pool */
6579		data += phdr->param_len;
6580	}
6581
6582	if (lun->backend->lun_attr != NULL &&
6583	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "blocksused"))
6584	     != UINT64_MAX) {
6585		phdr = (struct scsi_log_param_header *)data;
6586		scsi_ulto2b(0x0002, phdr->param_code);
6587		phdr->param_control = SLP_LBIN | SLP_LP;
6588		phdr->param_len = 8;
6589		data = (uint8_t *)(phdr + 1);
6590		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6591		data[4] = 0x01; /* per-LUN */
6592		data += phdr->param_len;
6593	}
6594
6595	if (lun->backend->lun_attr != NULL &&
6596	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "poolblocksavail"))
6597	     != UINT64_MAX) {
6598		phdr = (struct scsi_log_param_header *)data;
6599		scsi_ulto2b(0x00f1, phdr->param_code);
6600		phdr->param_control = SLP_LBIN | SLP_LP;
6601		phdr->param_len = 8;
6602		data = (uint8_t *)(phdr + 1);
6603		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6604		data[4] = 0x02; /* per-pool */
6605		data += phdr->param_len;
6606	}
6607
6608	if (lun->backend->lun_attr != NULL &&
6609	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "poolblocksused"))
6610	     != UINT64_MAX) {
6611		phdr = (struct scsi_log_param_header *)data;
6612		scsi_ulto2b(0x00f2, phdr->param_code);
6613		phdr->param_control = SLP_LBIN | SLP_LP;
6614		phdr->param_len = 8;
6615		data = (uint8_t *)(phdr + 1);
6616		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6617		data[4] = 0x02; /* per-pool */
6618		data += phdr->param_len;
6619	}
6620
6621	page_index->page_len = data - page_index->page_data;
6622	return (0);
6623}
6624
6625int
6626ctl_sap_log_sense_handler(struct ctl_scsiio *ctsio,
6627			       struct ctl_page_index *page_index,
6628			       int pc)
6629{
6630	struct ctl_lun *lun;
6631	struct stat_page *data;
6632	uint64_t rn, wn, rb, wb;
6633	struct bintime rt, wt;
6634	int i;
6635
6636	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6637	data = (struct stat_page *)page_index->page_data;
6638
6639	scsi_ulto2b(SLP_SAP, data->sap.hdr.param_code);
6640	data->sap.hdr.param_control = SLP_LBIN;
6641	data->sap.hdr.param_len = sizeof(struct scsi_log_stat_and_perf) -
6642	    sizeof(struct scsi_log_param_header);
6643	rn = wn = rb = wb = 0;
6644	bintime_clear(&rt);
6645	bintime_clear(&wt);
6646	for (i = 0; i < CTL_MAX_PORTS; i++) {
6647		rn += lun->stats.ports[i].operations[CTL_STATS_READ];
6648		wn += lun->stats.ports[i].operations[CTL_STATS_WRITE];
6649		rb += lun->stats.ports[i].bytes[CTL_STATS_READ];
6650		wb += lun->stats.ports[i].bytes[CTL_STATS_WRITE];
6651		bintime_add(&rt, &lun->stats.ports[i].time[CTL_STATS_READ]);
6652		bintime_add(&wt, &lun->stats.ports[i].time[CTL_STATS_WRITE]);
6653	}
6654	scsi_u64to8b(rn, data->sap.read_num);
6655	scsi_u64to8b(wn, data->sap.write_num);
6656	if (lun->stats.blocksize > 0) {
6657		scsi_u64to8b(wb / lun->stats.blocksize,
6658		    data->sap.recvieved_lba);
6659		scsi_u64to8b(rb / lun->stats.blocksize,
6660		    data->sap.transmitted_lba);
6661	}
6662	scsi_u64to8b((uint64_t)rt.sec * 1000 + rt.frac / (UINT64_MAX / 1000),
6663	    data->sap.read_int);
6664	scsi_u64to8b((uint64_t)wt.sec * 1000 + wt.frac / (UINT64_MAX / 1000),
6665	    data->sap.write_int);
6666	scsi_u64to8b(0, data->sap.weighted_num);
6667	scsi_u64to8b(0, data->sap.weighted_int);
6668	scsi_ulto2b(SLP_IT, data->it.hdr.param_code);
6669	data->it.hdr.param_control = SLP_LBIN;
6670	data->it.hdr.param_len = sizeof(struct scsi_log_idle_time) -
6671	    sizeof(struct scsi_log_param_header);
6672#ifdef CTL_TIME_IO
6673	scsi_u64to8b(lun->idle_time / SBT_1MS, data->it.idle_int);
6674#endif
6675	scsi_ulto2b(SLP_TI, data->ti.hdr.param_code);
6676	data->it.hdr.param_control = SLP_LBIN;
6677	data->ti.hdr.param_len = sizeof(struct scsi_log_time_interval) -
6678	    sizeof(struct scsi_log_param_header);
6679	scsi_ulto4b(3, data->ti.exponent);
6680	scsi_ulto4b(1, data->ti.integer);
6681
6682	page_index->page_len = sizeof(*data);
6683	return (0);
6684}
6685
6686int
6687ctl_log_sense(struct ctl_scsiio *ctsio)
6688{
6689	struct ctl_lun *lun;
6690	int i, pc, page_code, subpage;
6691	int alloc_len, total_len;
6692	struct ctl_page_index *page_index;
6693	struct scsi_log_sense *cdb;
6694	struct scsi_log_header *header;
6695
6696	CTL_DEBUG_PRINT(("ctl_log_sense\n"));
6697
6698	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6699	cdb = (struct scsi_log_sense *)ctsio->cdb;
6700	pc = (cdb->page & SLS_PAGE_CTRL_MASK) >> 6;
6701	page_code = cdb->page & SLS_PAGE_CODE;
6702	subpage = cdb->subpage;
6703	alloc_len = scsi_2btoul(cdb->length);
6704
6705	page_index = NULL;
6706	for (i = 0; i < CTL_NUM_LOG_PAGES; i++) {
6707		page_index = &lun->log_pages.index[i];
6708
6709		/* Look for the right page code */
6710		if ((page_index->page_code & SL_PAGE_CODE) != page_code)
6711			continue;
6712
6713		/* Look for the right subpage or the subpage wildcard*/
6714		if (page_index->subpage != subpage)
6715			continue;
6716
6717		break;
6718	}
6719	if (i >= CTL_NUM_LOG_PAGES) {
6720		ctl_set_invalid_field(ctsio,
6721				      /*sks_valid*/ 1,
6722				      /*command*/ 1,
6723				      /*field*/ 2,
6724				      /*bit_valid*/ 0,
6725				      /*bit*/ 0);
6726		ctl_done((union ctl_io *)ctsio);
6727		return (CTL_RETVAL_COMPLETE);
6728	}
6729
6730	total_len = sizeof(struct scsi_log_header) + page_index->page_len;
6731
6732	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
6733	ctsio->kern_sg_entries = 0;
6734	ctsio->kern_data_resid = 0;
6735	ctsio->kern_rel_offset = 0;
6736	if (total_len < alloc_len) {
6737		ctsio->residual = alloc_len - total_len;
6738		ctsio->kern_data_len = total_len;
6739		ctsio->kern_total_len = total_len;
6740	} else {
6741		ctsio->residual = 0;
6742		ctsio->kern_data_len = alloc_len;
6743		ctsio->kern_total_len = alloc_len;
6744	}
6745
6746	header = (struct scsi_log_header *)ctsio->kern_data_ptr;
6747	header->page = page_index->page_code;
6748	if (page_index->subpage) {
6749		header->page |= SL_SPF;
6750		header->subpage = page_index->subpage;
6751	}
6752	scsi_ulto2b(page_index->page_len, header->datalen);
6753
6754	/*
6755	 * Call the handler, if it exists, to update the
6756	 * page to the latest values.
6757	 */
6758	if (page_index->sense_handler != NULL)
6759		page_index->sense_handler(ctsio, page_index, pc);
6760
6761	memcpy(header + 1, page_index->page_data, page_index->page_len);
6762
6763	ctl_set_success(ctsio);
6764	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6765	ctsio->be_move_done = ctl_config_move_done;
6766	ctl_datamove((union ctl_io *)ctsio);
6767	return (CTL_RETVAL_COMPLETE);
6768}
6769
6770int
6771ctl_read_capacity(struct ctl_scsiio *ctsio)
6772{
6773	struct scsi_read_capacity *cdb;
6774	struct scsi_read_capacity_data *data;
6775	struct ctl_lun *lun;
6776	uint32_t lba;
6777
6778	CTL_DEBUG_PRINT(("ctl_read_capacity\n"));
6779
6780	cdb = (struct scsi_read_capacity *)ctsio->cdb;
6781
6782	lba = scsi_4btoul(cdb->addr);
6783	if (((cdb->pmi & SRC_PMI) == 0)
6784	 && (lba != 0)) {
6785		ctl_set_invalid_field(/*ctsio*/ ctsio,
6786				      /*sks_valid*/ 1,
6787				      /*command*/ 1,
6788				      /*field*/ 2,
6789				      /*bit_valid*/ 0,
6790				      /*bit*/ 0);
6791		ctl_done((union ctl_io *)ctsio);
6792		return (CTL_RETVAL_COMPLETE);
6793	}
6794
6795	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6796
6797	ctsio->kern_data_ptr = malloc(sizeof(*data), M_CTL, M_WAITOK | M_ZERO);
6798	data = (struct scsi_read_capacity_data *)ctsio->kern_data_ptr;
6799	ctsio->residual = 0;
6800	ctsio->kern_data_len = sizeof(*data);
6801	ctsio->kern_total_len = sizeof(*data);
6802	ctsio->kern_data_resid = 0;
6803	ctsio->kern_rel_offset = 0;
6804	ctsio->kern_sg_entries = 0;
6805
6806	/*
6807	 * If the maximum LBA is greater than 0xfffffffe, the user must
6808	 * issue a SERVICE ACTION IN (16) command, with the read capacity
6809	 * serivce action set.
6810	 */
6811	if (lun->be_lun->maxlba > 0xfffffffe)
6812		scsi_ulto4b(0xffffffff, data->addr);
6813	else
6814		scsi_ulto4b(lun->be_lun->maxlba, data->addr);
6815
6816	/*
6817	 * XXX KDM this may not be 512 bytes...
6818	 */
6819	scsi_ulto4b(lun->be_lun->blocksize, data->length);
6820
6821	ctl_set_success(ctsio);
6822	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6823	ctsio->be_move_done = ctl_config_move_done;
6824	ctl_datamove((union ctl_io *)ctsio);
6825	return (CTL_RETVAL_COMPLETE);
6826}
6827
6828int
6829ctl_read_capacity_16(struct ctl_scsiio *ctsio)
6830{
6831	struct scsi_read_capacity_16 *cdb;
6832	struct scsi_read_capacity_data_long *data;
6833	struct ctl_lun *lun;
6834	uint64_t lba;
6835	uint32_t alloc_len;
6836
6837	CTL_DEBUG_PRINT(("ctl_read_capacity_16\n"));
6838
6839	cdb = (struct scsi_read_capacity_16 *)ctsio->cdb;
6840
6841	alloc_len = scsi_4btoul(cdb->alloc_len);
6842	lba = scsi_8btou64(cdb->addr);
6843
6844	if ((cdb->reladr & SRC16_PMI)
6845	 && (lba != 0)) {
6846		ctl_set_invalid_field(/*ctsio*/ ctsio,
6847				      /*sks_valid*/ 1,
6848				      /*command*/ 1,
6849				      /*field*/ 2,
6850				      /*bit_valid*/ 0,
6851				      /*bit*/ 0);
6852		ctl_done((union ctl_io *)ctsio);
6853		return (CTL_RETVAL_COMPLETE);
6854	}
6855
6856	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6857
6858	ctsio->kern_data_ptr = malloc(sizeof(*data), M_CTL, M_WAITOK | M_ZERO);
6859	data = (struct scsi_read_capacity_data_long *)ctsio->kern_data_ptr;
6860
6861	if (sizeof(*data) < alloc_len) {
6862		ctsio->residual = alloc_len - sizeof(*data);
6863		ctsio->kern_data_len = sizeof(*data);
6864		ctsio->kern_total_len = sizeof(*data);
6865	} else {
6866		ctsio->residual = 0;
6867		ctsio->kern_data_len = alloc_len;
6868		ctsio->kern_total_len = alloc_len;
6869	}
6870	ctsio->kern_data_resid = 0;
6871	ctsio->kern_rel_offset = 0;
6872	ctsio->kern_sg_entries = 0;
6873
6874	scsi_u64to8b(lun->be_lun->maxlba, data->addr);
6875	/* XXX KDM this may not be 512 bytes... */
6876	scsi_ulto4b(lun->be_lun->blocksize, data->length);
6877	data->prot_lbppbe = lun->be_lun->pblockexp & SRC16_LBPPBE;
6878	scsi_ulto2b(lun->be_lun->pblockoff & SRC16_LALBA_A, data->lalba_lbp);
6879	if (lun->be_lun->flags & CTL_LUN_FLAG_UNMAP)
6880		data->lalba_lbp[0] |= SRC16_LBPME | SRC16_LBPRZ;
6881
6882	ctl_set_success(ctsio);
6883	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6884	ctsio->be_move_done = ctl_config_move_done;
6885	ctl_datamove((union ctl_io *)ctsio);
6886	return (CTL_RETVAL_COMPLETE);
6887}
6888
6889int
6890ctl_get_lba_status(struct ctl_scsiio *ctsio)
6891{
6892	struct scsi_get_lba_status *cdb;
6893	struct scsi_get_lba_status_data *data;
6894	struct ctl_lun *lun;
6895	struct ctl_lba_len_flags *lbalen;
6896	uint64_t lba;
6897	uint32_t alloc_len, total_len;
6898	int retval;
6899
6900	CTL_DEBUG_PRINT(("ctl_get_lba_status\n"));
6901
6902	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6903	cdb = (struct scsi_get_lba_status *)ctsio->cdb;
6904	lba = scsi_8btou64(cdb->addr);
6905	alloc_len = scsi_4btoul(cdb->alloc_len);
6906
6907	if (lba > lun->be_lun->maxlba) {
6908		ctl_set_lba_out_of_range(ctsio);
6909		ctl_done((union ctl_io *)ctsio);
6910		return (CTL_RETVAL_COMPLETE);
6911	}
6912
6913	total_len = sizeof(*data) + sizeof(data->descr[0]);
6914	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
6915	data = (struct scsi_get_lba_status_data *)ctsio->kern_data_ptr;
6916
6917	if (total_len < alloc_len) {
6918		ctsio->residual = alloc_len - total_len;
6919		ctsio->kern_data_len = total_len;
6920		ctsio->kern_total_len = total_len;
6921	} else {
6922		ctsio->residual = 0;
6923		ctsio->kern_data_len = alloc_len;
6924		ctsio->kern_total_len = alloc_len;
6925	}
6926	ctsio->kern_data_resid = 0;
6927	ctsio->kern_rel_offset = 0;
6928	ctsio->kern_sg_entries = 0;
6929
6930	/* Fill dummy data in case backend can't tell anything. */
6931	scsi_ulto4b(4 + sizeof(data->descr[0]), data->length);
6932	scsi_u64to8b(lba, data->descr[0].addr);
6933	scsi_ulto4b(MIN(UINT32_MAX, lun->be_lun->maxlba + 1 - lba),
6934	    data->descr[0].length);
6935	data->descr[0].status = 0; /* Mapped or unknown. */
6936
6937	ctl_set_success(ctsio);
6938	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6939	ctsio->be_move_done = ctl_config_move_done;
6940
6941	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
6942	lbalen->lba = lba;
6943	lbalen->len = total_len;
6944	lbalen->flags = 0;
6945	retval = lun->backend->config_read((union ctl_io *)ctsio);
6946	return (CTL_RETVAL_COMPLETE);
6947}
6948
6949int
6950ctl_read_defect(struct ctl_scsiio *ctsio)
6951{
6952	struct scsi_read_defect_data_10 *ccb10;
6953	struct scsi_read_defect_data_12 *ccb12;
6954	struct scsi_read_defect_data_hdr_10 *data10;
6955	struct scsi_read_defect_data_hdr_12 *data12;
6956	uint32_t alloc_len, data_len;
6957	uint8_t format;
6958
6959	CTL_DEBUG_PRINT(("ctl_read_defect\n"));
6960
6961	if (ctsio->cdb[0] == READ_DEFECT_DATA_10) {
6962		ccb10 = (struct scsi_read_defect_data_10 *)&ctsio->cdb;
6963		format = ccb10->format;
6964		alloc_len = scsi_2btoul(ccb10->alloc_length);
6965		data_len = sizeof(*data10);
6966	} else {
6967		ccb12 = (struct scsi_read_defect_data_12 *)&ctsio->cdb;
6968		format = ccb12->format;
6969		alloc_len = scsi_4btoul(ccb12->alloc_length);
6970		data_len = sizeof(*data12);
6971	}
6972	if (alloc_len == 0) {
6973		ctl_set_success(ctsio);
6974		ctl_done((union ctl_io *)ctsio);
6975		return (CTL_RETVAL_COMPLETE);
6976	}
6977
6978	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
6979	if (data_len < alloc_len) {
6980		ctsio->residual = alloc_len - data_len;
6981		ctsio->kern_data_len = data_len;
6982		ctsio->kern_total_len = data_len;
6983	} else {
6984		ctsio->residual = 0;
6985		ctsio->kern_data_len = alloc_len;
6986		ctsio->kern_total_len = alloc_len;
6987	}
6988	ctsio->kern_data_resid = 0;
6989	ctsio->kern_rel_offset = 0;
6990	ctsio->kern_sg_entries = 0;
6991
6992	if (ctsio->cdb[0] == READ_DEFECT_DATA_10) {
6993		data10 = (struct scsi_read_defect_data_hdr_10 *)
6994		    ctsio->kern_data_ptr;
6995		data10->format = format;
6996		scsi_ulto2b(0, data10->length);
6997	} else {
6998		data12 = (struct scsi_read_defect_data_hdr_12 *)
6999		    ctsio->kern_data_ptr;
7000		data12->format = format;
7001		scsi_ulto2b(0, data12->generation);
7002		scsi_ulto4b(0, data12->length);
7003	}
7004
7005	ctl_set_success(ctsio);
7006	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7007	ctsio->be_move_done = ctl_config_move_done;
7008	ctl_datamove((union ctl_io *)ctsio);
7009	return (CTL_RETVAL_COMPLETE);
7010}
7011
7012int
7013ctl_report_tagret_port_groups(struct ctl_scsiio *ctsio)
7014{
7015	struct scsi_maintenance_in *cdb;
7016	int retval;
7017	int alloc_len, ext, total_len = 0, g, pc, pg, gs, os;
7018	int num_target_port_groups, num_target_ports;
7019	struct ctl_lun *lun;
7020	struct ctl_softc *softc;
7021	struct ctl_port *port;
7022	struct scsi_target_group_data *rtg_ptr;
7023	struct scsi_target_group_data_extended *rtg_ext_ptr;
7024	struct scsi_target_port_group_descriptor *tpg_desc;
7025
7026	CTL_DEBUG_PRINT(("ctl_report_tagret_port_groups\n"));
7027
7028	cdb = (struct scsi_maintenance_in *)ctsio->cdb;
7029	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7030	softc = lun->ctl_softc;
7031
7032	retval = CTL_RETVAL_COMPLETE;
7033
7034	switch (cdb->byte2 & STG_PDF_MASK) {
7035	case STG_PDF_LENGTH:
7036		ext = 0;
7037		break;
7038	case STG_PDF_EXTENDED:
7039		ext = 1;
7040		break;
7041	default:
7042		ctl_set_invalid_field(/*ctsio*/ ctsio,
7043				      /*sks_valid*/ 1,
7044				      /*command*/ 1,
7045				      /*field*/ 2,
7046				      /*bit_valid*/ 1,
7047				      /*bit*/ 5);
7048		ctl_done((union ctl_io *)ctsio);
7049		return(retval);
7050	}
7051
7052	if (softc->is_single)
7053		num_target_port_groups = 1;
7054	else
7055		num_target_port_groups = NUM_TARGET_PORT_GROUPS;
7056	num_target_ports = 0;
7057	mtx_lock(&softc->ctl_lock);
7058	STAILQ_FOREACH(port, &softc->port_list, links) {
7059		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
7060			continue;
7061		if (ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
7062			continue;
7063		num_target_ports++;
7064	}
7065	mtx_unlock(&softc->ctl_lock);
7066
7067	if (ext)
7068		total_len = sizeof(struct scsi_target_group_data_extended);
7069	else
7070		total_len = sizeof(struct scsi_target_group_data);
7071	total_len += sizeof(struct scsi_target_port_group_descriptor) *
7072		num_target_port_groups +
7073	    sizeof(struct scsi_target_port_descriptor) * num_target_ports;
7074
7075	alloc_len = scsi_4btoul(cdb->length);
7076
7077	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7078
7079	ctsio->kern_sg_entries = 0;
7080
7081	if (total_len < alloc_len) {
7082		ctsio->residual = alloc_len - total_len;
7083		ctsio->kern_data_len = total_len;
7084		ctsio->kern_total_len = total_len;
7085	} else {
7086		ctsio->residual = 0;
7087		ctsio->kern_data_len = alloc_len;
7088		ctsio->kern_total_len = alloc_len;
7089	}
7090	ctsio->kern_data_resid = 0;
7091	ctsio->kern_rel_offset = 0;
7092
7093	if (ext) {
7094		rtg_ext_ptr = (struct scsi_target_group_data_extended *)
7095		    ctsio->kern_data_ptr;
7096		scsi_ulto4b(total_len - 4, rtg_ext_ptr->length);
7097		rtg_ext_ptr->format_type = 0x10;
7098		rtg_ext_ptr->implicit_transition_time = 0;
7099		tpg_desc = &rtg_ext_ptr->groups[0];
7100	} else {
7101		rtg_ptr = (struct scsi_target_group_data *)
7102		    ctsio->kern_data_ptr;
7103		scsi_ulto4b(total_len - 4, rtg_ptr->length);
7104		tpg_desc = &rtg_ptr->groups[0];
7105	}
7106
7107	mtx_lock(&softc->ctl_lock);
7108	pg = softc->port_min / softc->port_cnt;
7109	if (softc->ha_link == CTL_HA_LINK_OFFLINE)
7110		gs = TPG_ASYMMETRIC_ACCESS_UNAVAILABLE;
7111	else if (softc->ha_link == CTL_HA_LINK_UNKNOWN)
7112		gs = TPG_ASYMMETRIC_ACCESS_TRANSITIONING;
7113	else if (softc->ha_mode == CTL_HA_MODE_ACT_STBY)
7114		gs = TPG_ASYMMETRIC_ACCESS_STANDBY;
7115	else
7116		gs = TPG_ASYMMETRIC_ACCESS_NONOPTIMIZED;
7117	if (lun->flags & CTL_LUN_PRIMARY_SC) {
7118		os = gs;
7119		gs = TPG_ASYMMETRIC_ACCESS_OPTIMIZED;
7120	} else
7121		os = TPG_ASYMMETRIC_ACCESS_OPTIMIZED;
7122	for (g = 0; g < num_target_port_groups; g++) {
7123		tpg_desc->pref_state = (g == pg) ? gs : os;
7124		tpg_desc->support = TPG_AO_SUP | TPG_AN_SUP | TPG_S_SUP |
7125		    TPG_U_SUP | TPG_T_SUP;
7126		scsi_ulto2b(g + 1, tpg_desc->target_port_group);
7127		tpg_desc->status = TPG_IMPLICIT;
7128		pc = 0;
7129		STAILQ_FOREACH(port, &softc->port_list, links) {
7130			if (port->targ_port < g * softc->port_cnt ||
7131			    port->targ_port >= (g + 1) * softc->port_cnt)
7132				continue;
7133			if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
7134				continue;
7135			if (ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
7136				continue;
7137			scsi_ulto2b(port->targ_port, tpg_desc->descriptors[pc].
7138			    relative_target_port_identifier);
7139			pc++;
7140		}
7141		tpg_desc->target_port_count = pc;
7142		tpg_desc = (struct scsi_target_port_group_descriptor *)
7143		    &tpg_desc->descriptors[pc];
7144	}
7145	mtx_unlock(&softc->ctl_lock);
7146
7147	ctl_set_success(ctsio);
7148	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7149	ctsio->be_move_done = ctl_config_move_done;
7150	ctl_datamove((union ctl_io *)ctsio);
7151	return(retval);
7152}
7153
7154int
7155ctl_report_supported_opcodes(struct ctl_scsiio *ctsio)
7156{
7157	struct ctl_lun *lun;
7158	struct scsi_report_supported_opcodes *cdb;
7159	const struct ctl_cmd_entry *entry, *sentry;
7160	struct scsi_report_supported_opcodes_all *all;
7161	struct scsi_report_supported_opcodes_descr *descr;
7162	struct scsi_report_supported_opcodes_one *one;
7163	int retval;
7164	int alloc_len, total_len;
7165	int opcode, service_action, i, j, num;
7166
7167	CTL_DEBUG_PRINT(("ctl_report_supported_opcodes\n"));
7168
7169	cdb = (struct scsi_report_supported_opcodes *)ctsio->cdb;
7170	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7171
7172	retval = CTL_RETVAL_COMPLETE;
7173
7174	opcode = cdb->requested_opcode;
7175	service_action = scsi_2btoul(cdb->requested_service_action);
7176	switch (cdb->options & RSO_OPTIONS_MASK) {
7177	case RSO_OPTIONS_ALL:
7178		num = 0;
7179		for (i = 0; i < 256; i++) {
7180			entry = &ctl_cmd_table[i];
7181			if (entry->flags & CTL_CMD_FLAG_SA5) {
7182				for (j = 0; j < 32; j++) {
7183					sentry = &((const struct ctl_cmd_entry *)
7184					    entry->execute)[j];
7185					if (ctl_cmd_applicable(
7186					    lun->be_lun->lun_type, sentry))
7187						num++;
7188				}
7189			} else {
7190				if (ctl_cmd_applicable(lun->be_lun->lun_type,
7191				    entry))
7192					num++;
7193			}
7194		}
7195		total_len = sizeof(struct scsi_report_supported_opcodes_all) +
7196		    num * sizeof(struct scsi_report_supported_opcodes_descr);
7197		break;
7198	case RSO_OPTIONS_OC:
7199		if (ctl_cmd_table[opcode].flags & CTL_CMD_FLAG_SA5) {
7200			ctl_set_invalid_field(/*ctsio*/ ctsio,
7201					      /*sks_valid*/ 1,
7202					      /*command*/ 1,
7203					      /*field*/ 2,
7204					      /*bit_valid*/ 1,
7205					      /*bit*/ 2);
7206			ctl_done((union ctl_io *)ctsio);
7207			return (CTL_RETVAL_COMPLETE);
7208		}
7209		total_len = sizeof(struct scsi_report_supported_opcodes_one) + 32;
7210		break;
7211	case RSO_OPTIONS_OC_SA:
7212		if ((ctl_cmd_table[opcode].flags & CTL_CMD_FLAG_SA5) == 0 ||
7213		    service_action >= 32) {
7214			ctl_set_invalid_field(/*ctsio*/ ctsio,
7215					      /*sks_valid*/ 1,
7216					      /*command*/ 1,
7217					      /*field*/ 2,
7218					      /*bit_valid*/ 1,
7219					      /*bit*/ 2);
7220			ctl_done((union ctl_io *)ctsio);
7221			return (CTL_RETVAL_COMPLETE);
7222		}
7223		total_len = sizeof(struct scsi_report_supported_opcodes_one) + 32;
7224		break;
7225	default:
7226		ctl_set_invalid_field(/*ctsio*/ ctsio,
7227				      /*sks_valid*/ 1,
7228				      /*command*/ 1,
7229				      /*field*/ 2,
7230				      /*bit_valid*/ 1,
7231				      /*bit*/ 2);
7232		ctl_done((union ctl_io *)ctsio);
7233		return (CTL_RETVAL_COMPLETE);
7234	}
7235
7236	alloc_len = scsi_4btoul(cdb->length);
7237
7238	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7239
7240	ctsio->kern_sg_entries = 0;
7241
7242	if (total_len < alloc_len) {
7243		ctsio->residual = alloc_len - total_len;
7244		ctsio->kern_data_len = total_len;
7245		ctsio->kern_total_len = total_len;
7246	} else {
7247		ctsio->residual = 0;
7248		ctsio->kern_data_len = alloc_len;
7249		ctsio->kern_total_len = alloc_len;
7250	}
7251	ctsio->kern_data_resid = 0;
7252	ctsio->kern_rel_offset = 0;
7253
7254	switch (cdb->options & RSO_OPTIONS_MASK) {
7255	case RSO_OPTIONS_ALL:
7256		all = (struct scsi_report_supported_opcodes_all *)
7257		    ctsio->kern_data_ptr;
7258		num = 0;
7259		for (i = 0; i < 256; i++) {
7260			entry = &ctl_cmd_table[i];
7261			if (entry->flags & CTL_CMD_FLAG_SA5) {
7262				for (j = 0; j < 32; j++) {
7263					sentry = &((const struct ctl_cmd_entry *)
7264					    entry->execute)[j];
7265					if (!ctl_cmd_applicable(
7266					    lun->be_lun->lun_type, sentry))
7267						continue;
7268					descr = &all->descr[num++];
7269					descr->opcode = i;
7270					scsi_ulto2b(j, descr->service_action);
7271					descr->flags = RSO_SERVACTV;
7272					scsi_ulto2b(sentry->length,
7273					    descr->cdb_length);
7274				}
7275			} else {
7276				if (!ctl_cmd_applicable(lun->be_lun->lun_type,
7277				    entry))
7278					continue;
7279				descr = &all->descr[num++];
7280				descr->opcode = i;
7281				scsi_ulto2b(0, descr->service_action);
7282				descr->flags = 0;
7283				scsi_ulto2b(entry->length, descr->cdb_length);
7284			}
7285		}
7286		scsi_ulto4b(
7287		    num * sizeof(struct scsi_report_supported_opcodes_descr),
7288		    all->length);
7289		break;
7290	case RSO_OPTIONS_OC:
7291		one = (struct scsi_report_supported_opcodes_one *)
7292		    ctsio->kern_data_ptr;
7293		entry = &ctl_cmd_table[opcode];
7294		goto fill_one;
7295	case RSO_OPTIONS_OC_SA:
7296		one = (struct scsi_report_supported_opcodes_one *)
7297		    ctsio->kern_data_ptr;
7298		entry = &ctl_cmd_table[opcode];
7299		entry = &((const struct ctl_cmd_entry *)
7300		    entry->execute)[service_action];
7301fill_one:
7302		if (ctl_cmd_applicable(lun->be_lun->lun_type, entry)) {
7303			one->support = 3;
7304			scsi_ulto2b(entry->length, one->cdb_length);
7305			one->cdb_usage[0] = opcode;
7306			memcpy(&one->cdb_usage[1], entry->usage,
7307			    entry->length - 1);
7308		} else
7309			one->support = 1;
7310		break;
7311	}
7312
7313	ctl_set_success(ctsio);
7314	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7315	ctsio->be_move_done = ctl_config_move_done;
7316	ctl_datamove((union ctl_io *)ctsio);
7317	return(retval);
7318}
7319
7320int
7321ctl_report_supported_tmf(struct ctl_scsiio *ctsio)
7322{
7323	struct scsi_report_supported_tmf *cdb;
7324	struct scsi_report_supported_tmf_data *data;
7325	int retval;
7326	int alloc_len, total_len;
7327
7328	CTL_DEBUG_PRINT(("ctl_report_supported_tmf\n"));
7329
7330	cdb = (struct scsi_report_supported_tmf *)ctsio->cdb;
7331
7332	retval = CTL_RETVAL_COMPLETE;
7333
7334	total_len = sizeof(struct scsi_report_supported_tmf_data);
7335	alloc_len = scsi_4btoul(cdb->length);
7336
7337	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7338
7339	ctsio->kern_sg_entries = 0;
7340
7341	if (total_len < alloc_len) {
7342		ctsio->residual = alloc_len - total_len;
7343		ctsio->kern_data_len = total_len;
7344		ctsio->kern_total_len = total_len;
7345	} else {
7346		ctsio->residual = 0;
7347		ctsio->kern_data_len = alloc_len;
7348		ctsio->kern_total_len = alloc_len;
7349	}
7350	ctsio->kern_data_resid = 0;
7351	ctsio->kern_rel_offset = 0;
7352
7353	data = (struct scsi_report_supported_tmf_data *)ctsio->kern_data_ptr;
7354	data->byte1 |= RST_ATS | RST_ATSS | RST_CTSS | RST_LURS | RST_QTS |
7355	    RST_TRS;
7356	data->byte2 |= RST_QAES | RST_QTSS | RST_ITNRS;
7357
7358	ctl_set_success(ctsio);
7359	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7360	ctsio->be_move_done = ctl_config_move_done;
7361	ctl_datamove((union ctl_io *)ctsio);
7362	return (retval);
7363}
7364
7365int
7366ctl_report_timestamp(struct ctl_scsiio *ctsio)
7367{
7368	struct scsi_report_timestamp *cdb;
7369	struct scsi_report_timestamp_data *data;
7370	struct timeval tv;
7371	int64_t timestamp;
7372	int retval;
7373	int alloc_len, total_len;
7374
7375	CTL_DEBUG_PRINT(("ctl_report_timestamp\n"));
7376
7377	cdb = (struct scsi_report_timestamp *)ctsio->cdb;
7378
7379	retval = CTL_RETVAL_COMPLETE;
7380
7381	total_len = sizeof(struct scsi_report_timestamp_data);
7382	alloc_len = scsi_4btoul(cdb->length);
7383
7384	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7385
7386	ctsio->kern_sg_entries = 0;
7387
7388	if (total_len < alloc_len) {
7389		ctsio->residual = alloc_len - total_len;
7390		ctsio->kern_data_len = total_len;
7391		ctsio->kern_total_len = total_len;
7392	} else {
7393		ctsio->residual = 0;
7394		ctsio->kern_data_len = alloc_len;
7395		ctsio->kern_total_len = alloc_len;
7396	}
7397	ctsio->kern_data_resid = 0;
7398	ctsio->kern_rel_offset = 0;
7399
7400	data = (struct scsi_report_timestamp_data *)ctsio->kern_data_ptr;
7401	scsi_ulto2b(sizeof(*data) - 2, data->length);
7402	data->origin = RTS_ORIG_OUTSIDE;
7403	getmicrotime(&tv);
7404	timestamp = (int64_t)tv.tv_sec * 1000 + tv.tv_usec / 1000;
7405	scsi_ulto4b(timestamp >> 16, data->timestamp);
7406	scsi_ulto2b(timestamp & 0xffff, &data->timestamp[4]);
7407
7408	ctl_set_success(ctsio);
7409	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7410	ctsio->be_move_done = ctl_config_move_done;
7411	ctl_datamove((union ctl_io *)ctsio);
7412	return (retval);
7413}
7414
7415int
7416ctl_persistent_reserve_in(struct ctl_scsiio *ctsio)
7417{
7418	struct scsi_per_res_in *cdb;
7419	int alloc_len, total_len = 0;
7420	/* struct scsi_per_res_in_rsrv in_data; */
7421	struct ctl_lun *lun;
7422	struct ctl_softc *softc;
7423	uint64_t key;
7424
7425	CTL_DEBUG_PRINT(("ctl_persistent_reserve_in\n"));
7426
7427	cdb = (struct scsi_per_res_in *)ctsio->cdb;
7428
7429	alloc_len = scsi_2btoul(cdb->length);
7430
7431	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7432	softc = lun->ctl_softc;
7433
7434retry:
7435	mtx_lock(&lun->lun_lock);
7436	switch (cdb->action) {
7437	case SPRI_RK: /* read keys */
7438		total_len = sizeof(struct scsi_per_res_in_keys) +
7439			lun->pr_key_count *
7440			sizeof(struct scsi_per_res_key);
7441		break;
7442	case SPRI_RR: /* read reservation */
7443		if (lun->flags & CTL_LUN_PR_RESERVED)
7444			total_len = sizeof(struct scsi_per_res_in_rsrv);
7445		else
7446			total_len = sizeof(struct scsi_per_res_in_header);
7447		break;
7448	case SPRI_RC: /* report capabilities */
7449		total_len = sizeof(struct scsi_per_res_cap);
7450		break;
7451	case SPRI_RS: /* read full status */
7452		total_len = sizeof(struct scsi_per_res_in_header) +
7453		    (sizeof(struct scsi_per_res_in_full_desc) + 256) *
7454		    lun->pr_key_count;
7455		break;
7456	default:
7457		panic("Invalid PR type %x", cdb->action);
7458	}
7459	mtx_unlock(&lun->lun_lock);
7460
7461	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7462
7463	if (total_len < alloc_len) {
7464		ctsio->residual = alloc_len - total_len;
7465		ctsio->kern_data_len = total_len;
7466		ctsio->kern_total_len = total_len;
7467	} else {
7468		ctsio->residual = 0;
7469		ctsio->kern_data_len = alloc_len;
7470		ctsio->kern_total_len = alloc_len;
7471	}
7472
7473	ctsio->kern_data_resid = 0;
7474	ctsio->kern_rel_offset = 0;
7475	ctsio->kern_sg_entries = 0;
7476
7477	mtx_lock(&lun->lun_lock);
7478	switch (cdb->action) {
7479	case SPRI_RK: { // read keys
7480        struct scsi_per_res_in_keys *res_keys;
7481		int i, key_count;
7482
7483		res_keys = (struct scsi_per_res_in_keys*)ctsio->kern_data_ptr;
7484
7485		/*
7486		 * We had to drop the lock to allocate our buffer, which
7487		 * leaves time for someone to come in with another
7488		 * persistent reservation.  (That is unlikely, though,
7489		 * since this should be the only persistent reservation
7490		 * command active right now.)
7491		 */
7492		if (total_len != (sizeof(struct scsi_per_res_in_keys) +
7493		    (lun->pr_key_count *
7494		     sizeof(struct scsi_per_res_key)))){
7495			mtx_unlock(&lun->lun_lock);
7496			free(ctsio->kern_data_ptr, M_CTL);
7497			printf("%s: reservation length changed, retrying\n",
7498			       __func__);
7499			goto retry;
7500		}
7501
7502		scsi_ulto4b(lun->PRGeneration, res_keys->header.generation);
7503
7504		scsi_ulto4b(sizeof(struct scsi_per_res_key) *
7505			     lun->pr_key_count, res_keys->header.length);
7506
7507		for (i = 0, key_count = 0; i < CTL_MAX_INITIATORS; i++) {
7508			if ((key = ctl_get_prkey(lun, i)) == 0)
7509				continue;
7510
7511			/*
7512			 * We used lun->pr_key_count to calculate the
7513			 * size to allocate.  If it turns out the number of
7514			 * initiators with the registered flag set is
7515			 * larger than that (i.e. they haven't been kept in
7516			 * sync), we've got a problem.
7517			 */
7518			if (key_count >= lun->pr_key_count) {
7519				key_count++;
7520				continue;
7521			}
7522			scsi_u64to8b(key, res_keys->keys[key_count].key);
7523			key_count++;
7524		}
7525		break;
7526	}
7527	case SPRI_RR: { // read reservation
7528		struct scsi_per_res_in_rsrv *res;
7529		int tmp_len, header_only;
7530
7531		res = (struct scsi_per_res_in_rsrv *)ctsio->kern_data_ptr;
7532
7533		scsi_ulto4b(lun->PRGeneration, res->header.generation);
7534
7535		if (lun->flags & CTL_LUN_PR_RESERVED)
7536		{
7537			tmp_len = sizeof(struct scsi_per_res_in_rsrv);
7538			scsi_ulto4b(sizeof(struct scsi_per_res_in_rsrv_data),
7539				    res->header.length);
7540			header_only = 0;
7541		} else {
7542			tmp_len = sizeof(struct scsi_per_res_in_header);
7543			scsi_ulto4b(0, res->header.length);
7544			header_only = 1;
7545		}
7546
7547		/*
7548		 * We had to drop the lock to allocate our buffer, which
7549		 * leaves time for someone to come in with another
7550		 * persistent reservation.  (That is unlikely, though,
7551		 * since this should be the only persistent reservation
7552		 * command active right now.)
7553		 */
7554		if (tmp_len != total_len) {
7555			mtx_unlock(&lun->lun_lock);
7556			free(ctsio->kern_data_ptr, M_CTL);
7557			printf("%s: reservation status changed, retrying\n",
7558			       __func__);
7559			goto retry;
7560		}
7561
7562		/*
7563		 * No reservation held, so we're done.
7564		 */
7565		if (header_only != 0)
7566			break;
7567
7568		/*
7569		 * If the registration is an All Registrants type, the key
7570		 * is 0, since it doesn't really matter.
7571		 */
7572		if (lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS) {
7573			scsi_u64to8b(ctl_get_prkey(lun, lun->pr_res_idx),
7574			    res->data.reservation);
7575		}
7576		res->data.scopetype = lun->res_type;
7577		break;
7578	}
7579	case SPRI_RC:     //report capabilities
7580	{
7581		struct scsi_per_res_cap *res_cap;
7582		uint16_t type_mask;
7583
7584		res_cap = (struct scsi_per_res_cap *)ctsio->kern_data_ptr;
7585		scsi_ulto2b(sizeof(*res_cap), res_cap->length);
7586		res_cap->flags2 |= SPRI_TMV | SPRI_ALLOW_5;
7587		type_mask = SPRI_TM_WR_EX_AR |
7588			    SPRI_TM_EX_AC_RO |
7589			    SPRI_TM_WR_EX_RO |
7590			    SPRI_TM_EX_AC |
7591			    SPRI_TM_WR_EX |
7592			    SPRI_TM_EX_AC_AR;
7593		scsi_ulto2b(type_mask, res_cap->type_mask);
7594		break;
7595	}
7596	case SPRI_RS: { // read full status
7597		struct scsi_per_res_in_full *res_status;
7598		struct scsi_per_res_in_full_desc *res_desc;
7599		struct ctl_port *port;
7600		int i, len;
7601
7602		res_status = (struct scsi_per_res_in_full*)ctsio->kern_data_ptr;
7603
7604		/*
7605		 * We had to drop the lock to allocate our buffer, which
7606		 * leaves time for someone to come in with another
7607		 * persistent reservation.  (That is unlikely, though,
7608		 * since this should be the only persistent reservation
7609		 * command active right now.)
7610		 */
7611		if (total_len < (sizeof(struct scsi_per_res_in_header) +
7612		    (sizeof(struct scsi_per_res_in_full_desc) + 256) *
7613		     lun->pr_key_count)){
7614			mtx_unlock(&lun->lun_lock);
7615			free(ctsio->kern_data_ptr, M_CTL);
7616			printf("%s: reservation length changed, retrying\n",
7617			       __func__);
7618			goto retry;
7619		}
7620
7621		scsi_ulto4b(lun->PRGeneration, res_status->header.generation);
7622
7623		res_desc = &res_status->desc[0];
7624		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
7625			if ((key = ctl_get_prkey(lun, i)) == 0)
7626				continue;
7627
7628			scsi_u64to8b(key, res_desc->res_key.key);
7629			if ((lun->flags & CTL_LUN_PR_RESERVED) &&
7630			    (lun->pr_res_idx == i ||
7631			     lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS)) {
7632				res_desc->flags = SPRI_FULL_R_HOLDER;
7633				res_desc->scopetype = lun->res_type;
7634			}
7635			scsi_ulto2b(i / CTL_MAX_INIT_PER_PORT,
7636			    res_desc->rel_trgt_port_id);
7637			len = 0;
7638			port = softc->ctl_ports[i / CTL_MAX_INIT_PER_PORT];
7639			if (port != NULL)
7640				len = ctl_create_iid(port,
7641				    i % CTL_MAX_INIT_PER_PORT,
7642				    res_desc->transport_id);
7643			scsi_ulto4b(len, res_desc->additional_length);
7644			res_desc = (struct scsi_per_res_in_full_desc *)
7645			    &res_desc->transport_id[len];
7646		}
7647		scsi_ulto4b((uint8_t *)res_desc - (uint8_t *)&res_status->desc[0],
7648		    res_status->header.length);
7649		break;
7650	}
7651	default:
7652		/*
7653		 * This is a bug, because we just checked for this above,
7654		 * and should have returned an error.
7655		 */
7656		panic("Invalid PR type %x", cdb->action);
7657		break; /* NOTREACHED */
7658	}
7659	mtx_unlock(&lun->lun_lock);
7660
7661	ctl_set_success(ctsio);
7662	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7663	ctsio->be_move_done = ctl_config_move_done;
7664	ctl_datamove((union ctl_io *)ctsio);
7665	return (CTL_RETVAL_COMPLETE);
7666}
7667
7668/*
7669 * Returns 0 if ctl_persistent_reserve_out() should continue, non-zero if
7670 * it should return.
7671 */
7672static int
7673ctl_pro_preempt(struct ctl_softc *softc, struct ctl_lun *lun, uint64_t res_key,
7674		uint64_t sa_res_key, uint8_t type, uint32_t residx,
7675		struct ctl_scsiio *ctsio, struct scsi_per_res_out *cdb,
7676		struct scsi_per_res_out_parms* param)
7677{
7678	union ctl_ha_msg persis_io;
7679	int i;
7680
7681	mtx_lock(&lun->lun_lock);
7682	if (sa_res_key == 0) {
7683		if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
7684			/* validate scope and type */
7685			if ((cdb->scope_type & SPR_SCOPE_MASK) !=
7686			     SPR_LU_SCOPE) {
7687				mtx_unlock(&lun->lun_lock);
7688				ctl_set_invalid_field(/*ctsio*/ ctsio,
7689						      /*sks_valid*/ 1,
7690						      /*command*/ 1,
7691						      /*field*/ 2,
7692						      /*bit_valid*/ 1,
7693						      /*bit*/ 4);
7694				ctl_done((union ctl_io *)ctsio);
7695				return (1);
7696			}
7697
7698		        if (type>8 || type==2 || type==4 || type==0) {
7699				mtx_unlock(&lun->lun_lock);
7700				ctl_set_invalid_field(/*ctsio*/ ctsio,
7701       	           				      /*sks_valid*/ 1,
7702						      /*command*/ 1,
7703						      /*field*/ 2,
7704						      /*bit_valid*/ 1,
7705						      /*bit*/ 0);
7706				ctl_done((union ctl_io *)ctsio);
7707				return (1);
7708		        }
7709
7710			/*
7711			 * Unregister everybody else and build UA for
7712			 * them
7713			 */
7714			for(i = 0; i < CTL_MAX_INITIATORS; i++) {
7715				if (i == residx || ctl_get_prkey(lun, i) == 0)
7716					continue;
7717
7718				ctl_clr_prkey(lun, i);
7719				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7720			}
7721			lun->pr_key_count = 1;
7722			lun->res_type = type;
7723			if (lun->res_type != SPR_TYPE_WR_EX_AR
7724			 && lun->res_type != SPR_TYPE_EX_AC_AR)
7725				lun->pr_res_idx = residx;
7726			lun->PRGeneration++;
7727			mtx_unlock(&lun->lun_lock);
7728
7729			/* send msg to other side */
7730			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7731			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7732			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7733			persis_io.pr.pr_info.residx = lun->pr_res_idx;
7734			persis_io.pr.pr_info.res_type = type;
7735			memcpy(persis_io.pr.pr_info.sa_res_key,
7736			       param->serv_act_res_key,
7737			       sizeof(param->serv_act_res_key));
7738			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
7739			    sizeof(persis_io.pr), M_WAITOK);
7740		} else {
7741			/* not all registrants */
7742			mtx_unlock(&lun->lun_lock);
7743			free(ctsio->kern_data_ptr, M_CTL);
7744			ctl_set_invalid_field(ctsio,
7745					      /*sks_valid*/ 1,
7746					      /*command*/ 0,
7747					      /*field*/ 8,
7748					      /*bit_valid*/ 0,
7749					      /*bit*/ 0);
7750			ctl_done((union ctl_io *)ctsio);
7751			return (1);
7752		}
7753	} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS
7754		|| !(lun->flags & CTL_LUN_PR_RESERVED)) {
7755		int found = 0;
7756
7757		if (res_key == sa_res_key) {
7758			/* special case */
7759			/*
7760			 * The spec implies this is not good but doesn't
7761			 * say what to do. There are two choices either
7762			 * generate a res conflict or check condition
7763			 * with illegal field in parameter data. Since
7764			 * that is what is done when the sa_res_key is
7765			 * zero I'll take that approach since this has
7766			 * to do with the sa_res_key.
7767			 */
7768			mtx_unlock(&lun->lun_lock);
7769			free(ctsio->kern_data_ptr, M_CTL);
7770			ctl_set_invalid_field(ctsio,
7771					      /*sks_valid*/ 1,
7772					      /*command*/ 0,
7773					      /*field*/ 8,
7774					      /*bit_valid*/ 0,
7775					      /*bit*/ 0);
7776			ctl_done((union ctl_io *)ctsio);
7777			return (1);
7778		}
7779
7780		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
7781			if (ctl_get_prkey(lun, i) != sa_res_key)
7782				continue;
7783
7784			found = 1;
7785			ctl_clr_prkey(lun, i);
7786			lun->pr_key_count--;
7787			ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7788		}
7789		if (!found) {
7790			mtx_unlock(&lun->lun_lock);
7791			free(ctsio->kern_data_ptr, M_CTL);
7792			ctl_set_reservation_conflict(ctsio);
7793			ctl_done((union ctl_io *)ctsio);
7794			return (CTL_RETVAL_COMPLETE);
7795		}
7796		lun->PRGeneration++;
7797		mtx_unlock(&lun->lun_lock);
7798
7799		/* send msg to other side */
7800		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7801		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7802		persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7803		persis_io.pr.pr_info.residx = lun->pr_res_idx;
7804		persis_io.pr.pr_info.res_type = type;
7805		memcpy(persis_io.pr.pr_info.sa_res_key,
7806		       param->serv_act_res_key,
7807		       sizeof(param->serv_act_res_key));
7808		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
7809		    sizeof(persis_io.pr), M_WAITOK);
7810	} else {
7811		/* Reserved but not all registrants */
7812		/* sa_res_key is res holder */
7813		if (sa_res_key == ctl_get_prkey(lun, lun->pr_res_idx)) {
7814			/* validate scope and type */
7815			if ((cdb->scope_type & SPR_SCOPE_MASK) !=
7816			     SPR_LU_SCOPE) {
7817				mtx_unlock(&lun->lun_lock);
7818				ctl_set_invalid_field(/*ctsio*/ ctsio,
7819						      /*sks_valid*/ 1,
7820						      /*command*/ 1,
7821						      /*field*/ 2,
7822						      /*bit_valid*/ 1,
7823						      /*bit*/ 4);
7824				ctl_done((union ctl_io *)ctsio);
7825				return (1);
7826			}
7827
7828			if (type>8 || type==2 || type==4 || type==0) {
7829				mtx_unlock(&lun->lun_lock);
7830				ctl_set_invalid_field(/*ctsio*/ ctsio,
7831						      /*sks_valid*/ 1,
7832						      /*command*/ 1,
7833						      /*field*/ 2,
7834						      /*bit_valid*/ 1,
7835						      /*bit*/ 0);
7836				ctl_done((union ctl_io *)ctsio);
7837				return (1);
7838			}
7839
7840			/*
7841			 * Do the following:
7842			 * if sa_res_key != res_key remove all
7843			 * registrants w/sa_res_key and generate UA
7844			 * for these registrants(Registrations
7845			 * Preempted) if it wasn't an exclusive
7846			 * reservation generate UA(Reservations
7847			 * Preempted) for all other registered nexuses
7848			 * if the type has changed. Establish the new
7849			 * reservation and holder. If res_key and
7850			 * sa_res_key are the same do the above
7851			 * except don't unregister the res holder.
7852			 */
7853
7854			for(i = 0; i < CTL_MAX_INITIATORS; i++) {
7855				if (i == residx || ctl_get_prkey(lun, i) == 0)
7856					continue;
7857
7858				if (sa_res_key == ctl_get_prkey(lun, i)) {
7859					ctl_clr_prkey(lun, i);
7860					lun->pr_key_count--;
7861					ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7862				} else if (type != lun->res_type
7863					&& (lun->res_type == SPR_TYPE_WR_EX_RO
7864					 || lun->res_type ==SPR_TYPE_EX_AC_RO)){
7865					ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
7866				}
7867			}
7868			lun->res_type = type;
7869			if (lun->res_type != SPR_TYPE_WR_EX_AR
7870			 && lun->res_type != SPR_TYPE_EX_AC_AR)
7871				lun->pr_res_idx = residx;
7872			else
7873				lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
7874			lun->PRGeneration++;
7875			mtx_unlock(&lun->lun_lock);
7876
7877			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7878			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7879			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7880			persis_io.pr.pr_info.residx = lun->pr_res_idx;
7881			persis_io.pr.pr_info.res_type = type;
7882			memcpy(persis_io.pr.pr_info.sa_res_key,
7883			       param->serv_act_res_key,
7884			       sizeof(param->serv_act_res_key));
7885			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
7886			    sizeof(persis_io.pr), M_WAITOK);
7887		} else {
7888			/*
7889			 * sa_res_key is not the res holder just
7890			 * remove registrants
7891			 */
7892			int found=0;
7893
7894			for (i = 0; i < CTL_MAX_INITIATORS; i++) {
7895				if (sa_res_key != ctl_get_prkey(lun, i))
7896					continue;
7897
7898				found = 1;
7899				ctl_clr_prkey(lun, i);
7900				lun->pr_key_count--;
7901				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7902			}
7903
7904			if (!found) {
7905				mtx_unlock(&lun->lun_lock);
7906				free(ctsio->kern_data_ptr, M_CTL);
7907				ctl_set_reservation_conflict(ctsio);
7908				ctl_done((union ctl_io *)ctsio);
7909		        	return (1);
7910			}
7911			lun->PRGeneration++;
7912			mtx_unlock(&lun->lun_lock);
7913
7914			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7915			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7916			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7917			persis_io.pr.pr_info.residx = lun->pr_res_idx;
7918			persis_io.pr.pr_info.res_type = type;
7919			memcpy(persis_io.pr.pr_info.sa_res_key,
7920			       param->serv_act_res_key,
7921			       sizeof(param->serv_act_res_key));
7922			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
7923			    sizeof(persis_io.pr), M_WAITOK);
7924		}
7925	}
7926	return (0);
7927}
7928
7929static void
7930ctl_pro_preempt_other(struct ctl_lun *lun, union ctl_ha_msg *msg)
7931{
7932	uint64_t sa_res_key;
7933	int i;
7934
7935	sa_res_key = scsi_8btou64(msg->pr.pr_info.sa_res_key);
7936
7937	if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS
7938	 || lun->pr_res_idx == CTL_PR_NO_RESERVATION
7939	 || sa_res_key != ctl_get_prkey(lun, lun->pr_res_idx)) {
7940		if (sa_res_key == 0) {
7941			/*
7942			 * Unregister everybody else and build UA for
7943			 * them
7944			 */
7945			for(i = 0; i < CTL_MAX_INITIATORS; i++) {
7946				if (i == msg->pr.pr_info.residx ||
7947				    ctl_get_prkey(lun, i) == 0)
7948					continue;
7949
7950				ctl_clr_prkey(lun, i);
7951				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7952			}
7953
7954			lun->pr_key_count = 1;
7955			lun->res_type = msg->pr.pr_info.res_type;
7956			if (lun->res_type != SPR_TYPE_WR_EX_AR
7957			 && lun->res_type != SPR_TYPE_EX_AC_AR)
7958				lun->pr_res_idx = msg->pr.pr_info.residx;
7959		} else {
7960		        for (i = 0; i < CTL_MAX_INITIATORS; i++) {
7961				if (sa_res_key == ctl_get_prkey(lun, i))
7962					continue;
7963
7964				ctl_clr_prkey(lun, i);
7965				lun->pr_key_count--;
7966				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7967			}
7968		}
7969	} else {
7970		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
7971			if (i == msg->pr.pr_info.residx ||
7972			    ctl_get_prkey(lun, i) == 0)
7973				continue;
7974
7975			if (sa_res_key == ctl_get_prkey(lun, i)) {
7976				ctl_clr_prkey(lun, i);
7977				lun->pr_key_count--;
7978				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7979			} else if (msg->pr.pr_info.res_type != lun->res_type
7980				&& (lun->res_type == SPR_TYPE_WR_EX_RO
7981				 || lun->res_type == SPR_TYPE_EX_AC_RO)) {
7982				ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
7983			}
7984		}
7985		lun->res_type = msg->pr.pr_info.res_type;
7986		if (lun->res_type != SPR_TYPE_WR_EX_AR
7987		 && lun->res_type != SPR_TYPE_EX_AC_AR)
7988			lun->pr_res_idx = msg->pr.pr_info.residx;
7989		else
7990			lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
7991	}
7992	lun->PRGeneration++;
7993
7994}
7995
7996
7997int
7998ctl_persistent_reserve_out(struct ctl_scsiio *ctsio)
7999{
8000	int retval;
8001	u_int32_t param_len;
8002	struct scsi_per_res_out *cdb;
8003	struct ctl_lun *lun;
8004	struct scsi_per_res_out_parms* param;
8005	struct ctl_softc *softc;
8006	uint32_t residx;
8007	uint64_t res_key, sa_res_key, key;
8008	uint8_t type;
8009	union ctl_ha_msg persis_io;
8010	int    i;
8011
8012	CTL_DEBUG_PRINT(("ctl_persistent_reserve_out\n"));
8013
8014	retval = CTL_RETVAL_COMPLETE;
8015
8016	cdb = (struct scsi_per_res_out *)ctsio->cdb;
8017	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8018	softc = lun->ctl_softc;
8019
8020	/*
8021	 * We only support whole-LUN scope.  The scope & type are ignored for
8022	 * register, register and ignore existing key and clear.
8023	 * We sometimes ignore scope and type on preempts too!!
8024	 * Verify reservation type here as well.
8025	 */
8026	type = cdb->scope_type & SPR_TYPE_MASK;
8027	if ((cdb->action == SPRO_RESERVE)
8028	 || (cdb->action == SPRO_RELEASE)) {
8029		if ((cdb->scope_type & SPR_SCOPE_MASK) != SPR_LU_SCOPE) {
8030			ctl_set_invalid_field(/*ctsio*/ ctsio,
8031					      /*sks_valid*/ 1,
8032					      /*command*/ 1,
8033					      /*field*/ 2,
8034					      /*bit_valid*/ 1,
8035					      /*bit*/ 4);
8036			ctl_done((union ctl_io *)ctsio);
8037			return (CTL_RETVAL_COMPLETE);
8038		}
8039
8040		if (type>8 || type==2 || type==4 || type==0) {
8041			ctl_set_invalid_field(/*ctsio*/ ctsio,
8042					      /*sks_valid*/ 1,
8043					      /*command*/ 1,
8044					      /*field*/ 2,
8045					      /*bit_valid*/ 1,
8046					      /*bit*/ 0);
8047			ctl_done((union ctl_io *)ctsio);
8048			return (CTL_RETVAL_COMPLETE);
8049		}
8050	}
8051
8052	param_len = scsi_4btoul(cdb->length);
8053
8054	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
8055		ctsio->kern_data_ptr = malloc(param_len, M_CTL, M_WAITOK);
8056		ctsio->kern_data_len = param_len;
8057		ctsio->kern_total_len = param_len;
8058		ctsio->kern_data_resid = 0;
8059		ctsio->kern_rel_offset = 0;
8060		ctsio->kern_sg_entries = 0;
8061		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
8062		ctsio->be_move_done = ctl_config_move_done;
8063		ctl_datamove((union ctl_io *)ctsio);
8064
8065		return (CTL_RETVAL_COMPLETE);
8066	}
8067
8068	param = (struct scsi_per_res_out_parms *)ctsio->kern_data_ptr;
8069
8070	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
8071	res_key = scsi_8btou64(param->res_key.key);
8072	sa_res_key = scsi_8btou64(param->serv_act_res_key);
8073
8074	/*
8075	 * Validate the reservation key here except for SPRO_REG_IGNO
8076	 * This must be done for all other service actions
8077	 */
8078	if ((cdb->action & SPRO_ACTION_MASK) != SPRO_REG_IGNO) {
8079		mtx_lock(&lun->lun_lock);
8080		if ((key = ctl_get_prkey(lun, residx)) != 0) {
8081			if (res_key != key) {
8082				/*
8083				 * The current key passed in doesn't match
8084				 * the one the initiator previously
8085				 * registered.
8086				 */
8087				mtx_unlock(&lun->lun_lock);
8088				free(ctsio->kern_data_ptr, M_CTL);
8089				ctl_set_reservation_conflict(ctsio);
8090				ctl_done((union ctl_io *)ctsio);
8091				return (CTL_RETVAL_COMPLETE);
8092			}
8093		} else if ((cdb->action & SPRO_ACTION_MASK) != SPRO_REGISTER) {
8094			/*
8095			 * We are not registered
8096			 */
8097			mtx_unlock(&lun->lun_lock);
8098			free(ctsio->kern_data_ptr, M_CTL);
8099			ctl_set_reservation_conflict(ctsio);
8100			ctl_done((union ctl_io *)ctsio);
8101			return (CTL_RETVAL_COMPLETE);
8102		} else if (res_key != 0) {
8103			/*
8104			 * We are not registered and trying to register but
8105			 * the register key isn't zero.
8106			 */
8107			mtx_unlock(&lun->lun_lock);
8108			free(ctsio->kern_data_ptr, M_CTL);
8109			ctl_set_reservation_conflict(ctsio);
8110			ctl_done((union ctl_io *)ctsio);
8111			return (CTL_RETVAL_COMPLETE);
8112		}
8113		mtx_unlock(&lun->lun_lock);
8114	}
8115
8116	switch (cdb->action & SPRO_ACTION_MASK) {
8117	case SPRO_REGISTER:
8118	case SPRO_REG_IGNO: {
8119
8120#if 0
8121		printf("Registration received\n");
8122#endif
8123
8124		/*
8125		 * We don't support any of these options, as we report in
8126		 * the read capabilities request (see
8127		 * ctl_persistent_reserve_in(), above).
8128		 */
8129		if ((param->flags & SPR_SPEC_I_PT)
8130		 || (param->flags & SPR_ALL_TG_PT)
8131		 || (param->flags & SPR_APTPL)) {
8132			int bit_ptr;
8133
8134			if (param->flags & SPR_APTPL)
8135				bit_ptr = 0;
8136			else if (param->flags & SPR_ALL_TG_PT)
8137				bit_ptr = 2;
8138			else /* SPR_SPEC_I_PT */
8139				bit_ptr = 3;
8140
8141			free(ctsio->kern_data_ptr, M_CTL);
8142			ctl_set_invalid_field(ctsio,
8143					      /*sks_valid*/ 1,
8144					      /*command*/ 0,
8145					      /*field*/ 20,
8146					      /*bit_valid*/ 1,
8147					      /*bit*/ bit_ptr);
8148			ctl_done((union ctl_io *)ctsio);
8149			return (CTL_RETVAL_COMPLETE);
8150		}
8151
8152		mtx_lock(&lun->lun_lock);
8153
8154		/*
8155		 * The initiator wants to clear the
8156		 * key/unregister.
8157		 */
8158		if (sa_res_key == 0) {
8159			if ((res_key == 0
8160			  && (cdb->action & SPRO_ACTION_MASK) == SPRO_REGISTER)
8161			 || ((cdb->action & SPRO_ACTION_MASK) == SPRO_REG_IGNO
8162			  && ctl_get_prkey(lun, residx) == 0)) {
8163				mtx_unlock(&lun->lun_lock);
8164				goto done;
8165			}
8166
8167			ctl_clr_prkey(lun, residx);
8168			lun->pr_key_count--;
8169
8170			if (residx == lun->pr_res_idx) {
8171				lun->flags &= ~CTL_LUN_PR_RESERVED;
8172				lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8173
8174				if ((lun->res_type == SPR_TYPE_WR_EX_RO
8175				  || lun->res_type == SPR_TYPE_EX_AC_RO)
8176				 && lun->pr_key_count) {
8177					/*
8178					 * If the reservation is a registrants
8179					 * only type we need to generate a UA
8180					 * for other registered inits.  The
8181					 * sense code should be RESERVATIONS
8182					 * RELEASED
8183					 */
8184
8185					for (i = softc->init_min; i < softc->init_max; i++){
8186						if (ctl_get_prkey(lun, i) == 0)
8187							continue;
8188						ctl_est_ua(lun, i,
8189						    CTL_UA_RES_RELEASE);
8190					}
8191				}
8192				lun->res_type = 0;
8193			} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
8194				if (lun->pr_key_count==0) {
8195					lun->flags &= ~CTL_LUN_PR_RESERVED;
8196					lun->res_type = 0;
8197					lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8198				}
8199			}
8200			lun->PRGeneration++;
8201			mtx_unlock(&lun->lun_lock);
8202
8203			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8204			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8205			persis_io.pr.pr_info.action = CTL_PR_UNREG_KEY;
8206			persis_io.pr.pr_info.residx = residx;
8207			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8208			    sizeof(persis_io.pr), M_WAITOK);
8209		} else /* sa_res_key != 0 */ {
8210
8211			/*
8212			 * If we aren't registered currently then increment
8213			 * the key count and set the registered flag.
8214			 */
8215			ctl_alloc_prkey(lun, residx);
8216			if (ctl_get_prkey(lun, residx) == 0)
8217				lun->pr_key_count++;
8218			ctl_set_prkey(lun, residx, sa_res_key);
8219			lun->PRGeneration++;
8220			mtx_unlock(&lun->lun_lock);
8221
8222			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8223			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8224			persis_io.pr.pr_info.action = CTL_PR_REG_KEY;
8225			persis_io.pr.pr_info.residx = residx;
8226			memcpy(persis_io.pr.pr_info.sa_res_key,
8227			       param->serv_act_res_key,
8228			       sizeof(param->serv_act_res_key));
8229			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8230			    sizeof(persis_io.pr), M_WAITOK);
8231		}
8232
8233		break;
8234	}
8235	case SPRO_RESERVE:
8236#if 0
8237                printf("Reserve executed type %d\n", type);
8238#endif
8239		mtx_lock(&lun->lun_lock);
8240		if (lun->flags & CTL_LUN_PR_RESERVED) {
8241			/*
8242			 * if this isn't the reservation holder and it's
8243			 * not a "all registrants" type or if the type is
8244			 * different then we have a conflict
8245			 */
8246			if ((lun->pr_res_idx != residx
8247			  && lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS)
8248			 || lun->res_type != type) {
8249				mtx_unlock(&lun->lun_lock);
8250				free(ctsio->kern_data_ptr, M_CTL);
8251				ctl_set_reservation_conflict(ctsio);
8252				ctl_done((union ctl_io *)ctsio);
8253				return (CTL_RETVAL_COMPLETE);
8254			}
8255			mtx_unlock(&lun->lun_lock);
8256		} else /* create a reservation */ {
8257			/*
8258			 * If it's not an "all registrants" type record
8259			 * reservation holder
8260			 */
8261			if (type != SPR_TYPE_WR_EX_AR
8262			 && type != SPR_TYPE_EX_AC_AR)
8263				lun->pr_res_idx = residx; /* Res holder */
8264			else
8265				lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
8266
8267			lun->flags |= CTL_LUN_PR_RESERVED;
8268			lun->res_type = type;
8269
8270			mtx_unlock(&lun->lun_lock);
8271
8272			/* send msg to other side */
8273			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8274			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8275			persis_io.pr.pr_info.action = CTL_PR_RESERVE;
8276			persis_io.pr.pr_info.residx = lun->pr_res_idx;
8277			persis_io.pr.pr_info.res_type = type;
8278			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8279			    sizeof(persis_io.pr), M_WAITOK);
8280		}
8281		break;
8282
8283	case SPRO_RELEASE:
8284		mtx_lock(&lun->lun_lock);
8285		if ((lun->flags & CTL_LUN_PR_RESERVED) == 0) {
8286			/* No reservation exists return good status */
8287			mtx_unlock(&lun->lun_lock);
8288			goto done;
8289		}
8290		/*
8291		 * Is this nexus a reservation holder?
8292		 */
8293		if (lun->pr_res_idx != residx
8294		 && lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS) {
8295			/*
8296			 * not a res holder return good status but
8297			 * do nothing
8298			 */
8299			mtx_unlock(&lun->lun_lock);
8300			goto done;
8301		}
8302
8303		if (lun->res_type != type) {
8304			mtx_unlock(&lun->lun_lock);
8305			free(ctsio->kern_data_ptr, M_CTL);
8306			ctl_set_illegal_pr_release(ctsio);
8307			ctl_done((union ctl_io *)ctsio);
8308			return (CTL_RETVAL_COMPLETE);
8309		}
8310
8311		/* okay to release */
8312		lun->flags &= ~CTL_LUN_PR_RESERVED;
8313		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8314		lun->res_type = 0;
8315
8316		/*
8317		 * if this isn't an exclusive access
8318		 * res generate UA for all other
8319		 * registrants.
8320		 */
8321		if (type != SPR_TYPE_EX_AC
8322		 && type != SPR_TYPE_WR_EX) {
8323			for (i = softc->init_min; i < softc->init_max; i++) {
8324				if (i == residx || ctl_get_prkey(lun, i) == 0)
8325					continue;
8326				ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8327			}
8328		}
8329		mtx_unlock(&lun->lun_lock);
8330
8331		/* Send msg to other side */
8332		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8333		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8334		persis_io.pr.pr_info.action = CTL_PR_RELEASE;
8335		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8336		     sizeof(persis_io.pr), M_WAITOK);
8337		break;
8338
8339	case SPRO_CLEAR:
8340		/* send msg to other side */
8341
8342		mtx_lock(&lun->lun_lock);
8343		lun->flags &= ~CTL_LUN_PR_RESERVED;
8344		lun->res_type = 0;
8345		lun->pr_key_count = 0;
8346		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8347
8348		ctl_clr_prkey(lun, residx);
8349		for (i = 0; i < CTL_MAX_INITIATORS; i++)
8350			if (ctl_get_prkey(lun, i) != 0) {
8351				ctl_clr_prkey(lun, i);
8352				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8353			}
8354		lun->PRGeneration++;
8355		mtx_unlock(&lun->lun_lock);
8356
8357		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8358		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8359		persis_io.pr.pr_info.action = CTL_PR_CLEAR;
8360		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8361		     sizeof(persis_io.pr), M_WAITOK);
8362		break;
8363
8364	case SPRO_PREEMPT:
8365	case SPRO_PRE_ABO: {
8366		int nretval;
8367
8368		nretval = ctl_pro_preempt(softc, lun, res_key, sa_res_key, type,
8369					  residx, ctsio, cdb, param);
8370		if (nretval != 0)
8371			return (CTL_RETVAL_COMPLETE);
8372		break;
8373	}
8374	default:
8375		panic("Invalid PR type %x", cdb->action);
8376	}
8377
8378done:
8379	free(ctsio->kern_data_ptr, M_CTL);
8380	ctl_set_success(ctsio);
8381	ctl_done((union ctl_io *)ctsio);
8382
8383	return (retval);
8384}
8385
8386/*
8387 * This routine is for handling a message from the other SC pertaining to
8388 * persistent reserve out. All the error checking will have been done
8389 * so only perorming the action need be done here to keep the two
8390 * in sync.
8391 */
8392static void
8393ctl_hndl_per_res_out_on_other_sc(union ctl_ha_msg *msg)
8394{
8395	struct ctl_softc *softc = control_softc;
8396	struct ctl_lun *lun;
8397	int i;
8398	uint32_t residx, targ_lun;
8399
8400	targ_lun = msg->hdr.nexus.targ_mapped_lun;
8401	mtx_lock(&softc->ctl_lock);
8402	if ((targ_lun >= CTL_MAX_LUNS) ||
8403	    ((lun = softc->ctl_luns[targ_lun]) == NULL)) {
8404		mtx_unlock(&softc->ctl_lock);
8405		return;
8406	}
8407	mtx_lock(&lun->lun_lock);
8408	mtx_unlock(&softc->ctl_lock);
8409	if (lun->flags & CTL_LUN_DISABLED) {
8410		mtx_unlock(&lun->lun_lock);
8411		return;
8412	}
8413	residx = ctl_get_initindex(&msg->hdr.nexus);
8414	switch(msg->pr.pr_info.action) {
8415	case CTL_PR_REG_KEY:
8416		ctl_alloc_prkey(lun, msg->pr.pr_info.residx);
8417		if (ctl_get_prkey(lun, msg->pr.pr_info.residx) == 0)
8418			lun->pr_key_count++;
8419		ctl_set_prkey(lun, msg->pr.pr_info.residx,
8420		    scsi_8btou64(msg->pr.pr_info.sa_res_key));
8421		lun->PRGeneration++;
8422		break;
8423
8424	case CTL_PR_UNREG_KEY:
8425		ctl_clr_prkey(lun, msg->pr.pr_info.residx);
8426		lun->pr_key_count--;
8427
8428		/* XXX Need to see if the reservation has been released */
8429		/* if so do we need to generate UA? */
8430		if (msg->pr.pr_info.residx == lun->pr_res_idx) {
8431			lun->flags &= ~CTL_LUN_PR_RESERVED;
8432			lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8433
8434			if ((lun->res_type == SPR_TYPE_WR_EX_RO
8435			  || lun->res_type == SPR_TYPE_EX_AC_RO)
8436			 && lun->pr_key_count) {
8437				/*
8438				 * If the reservation is a registrants
8439				 * only type we need to generate a UA
8440				 * for other registered inits.  The
8441				 * sense code should be RESERVATIONS
8442				 * RELEASED
8443				 */
8444
8445				for (i = softc->init_min; i < softc->init_max; i++) {
8446					if (ctl_get_prkey(lun, i) == 0)
8447						continue;
8448
8449					ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8450				}
8451			}
8452			lun->res_type = 0;
8453		} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
8454			if (lun->pr_key_count==0) {
8455				lun->flags &= ~CTL_LUN_PR_RESERVED;
8456				lun->res_type = 0;
8457				lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8458			}
8459		}
8460		lun->PRGeneration++;
8461		break;
8462
8463	case CTL_PR_RESERVE:
8464		lun->flags |= CTL_LUN_PR_RESERVED;
8465		lun->res_type = msg->pr.pr_info.res_type;
8466		lun->pr_res_idx = msg->pr.pr_info.residx;
8467
8468		break;
8469
8470	case CTL_PR_RELEASE:
8471		/*
8472		 * if this isn't an exclusive access res generate UA for all
8473		 * other registrants.
8474		 */
8475		if (lun->res_type != SPR_TYPE_EX_AC
8476		 && lun->res_type != SPR_TYPE_WR_EX) {
8477			for (i = softc->init_min; i < softc->init_max; i++)
8478				if (i == residx || ctl_get_prkey(lun, i) == 0)
8479					continue;
8480				ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8481		}
8482
8483		lun->flags &= ~CTL_LUN_PR_RESERVED;
8484		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8485		lun->res_type = 0;
8486		break;
8487
8488	case CTL_PR_PREEMPT:
8489		ctl_pro_preempt_other(lun, msg);
8490		break;
8491	case CTL_PR_CLEAR:
8492		lun->flags &= ~CTL_LUN_PR_RESERVED;
8493		lun->res_type = 0;
8494		lun->pr_key_count = 0;
8495		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8496
8497		for (i=0; i < CTL_MAX_INITIATORS; i++) {
8498			if (ctl_get_prkey(lun, i) == 0)
8499				continue;
8500			ctl_clr_prkey(lun, i);
8501			ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8502		}
8503		lun->PRGeneration++;
8504		break;
8505	}
8506
8507	mtx_unlock(&lun->lun_lock);
8508}
8509
8510int
8511ctl_read_write(struct ctl_scsiio *ctsio)
8512{
8513	struct ctl_lun *lun;
8514	struct ctl_lba_len_flags *lbalen;
8515	uint64_t lba;
8516	uint32_t num_blocks;
8517	int flags, retval;
8518	int isread;
8519
8520	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8521
8522	CTL_DEBUG_PRINT(("ctl_read_write: command: %#x\n", ctsio->cdb[0]));
8523
8524	flags = 0;
8525	isread = ctsio->cdb[0] == READ_6  || ctsio->cdb[0] == READ_10
8526	      || ctsio->cdb[0] == READ_12 || ctsio->cdb[0] == READ_16;
8527	switch (ctsio->cdb[0]) {
8528	case READ_6:
8529	case WRITE_6: {
8530		struct scsi_rw_6 *cdb;
8531
8532		cdb = (struct scsi_rw_6 *)ctsio->cdb;
8533
8534		lba = scsi_3btoul(cdb->addr);
8535		/* only 5 bits are valid in the most significant address byte */
8536		lba &= 0x1fffff;
8537		num_blocks = cdb->length;
8538		/*
8539		 * This is correct according to SBC-2.
8540		 */
8541		if (num_blocks == 0)
8542			num_blocks = 256;
8543		break;
8544	}
8545	case READ_10:
8546	case WRITE_10: {
8547		struct scsi_rw_10 *cdb;
8548
8549		cdb = (struct scsi_rw_10 *)ctsio->cdb;
8550		if (cdb->byte2 & SRW10_FUA)
8551			flags |= CTL_LLF_FUA;
8552		if (cdb->byte2 & SRW10_DPO)
8553			flags |= CTL_LLF_DPO;
8554		lba = scsi_4btoul(cdb->addr);
8555		num_blocks = scsi_2btoul(cdb->length);
8556		break;
8557	}
8558	case WRITE_VERIFY_10: {
8559		struct scsi_write_verify_10 *cdb;
8560
8561		cdb = (struct scsi_write_verify_10 *)ctsio->cdb;
8562		flags |= CTL_LLF_FUA;
8563		if (cdb->byte2 & SWV_DPO)
8564			flags |= CTL_LLF_DPO;
8565		lba = scsi_4btoul(cdb->addr);
8566		num_blocks = scsi_2btoul(cdb->length);
8567		break;
8568	}
8569	case READ_12:
8570	case WRITE_12: {
8571		struct scsi_rw_12 *cdb;
8572
8573		cdb = (struct scsi_rw_12 *)ctsio->cdb;
8574		if (cdb->byte2 & SRW12_FUA)
8575			flags |= CTL_LLF_FUA;
8576		if (cdb->byte2 & SRW12_DPO)
8577			flags |= CTL_LLF_DPO;
8578		lba = scsi_4btoul(cdb->addr);
8579		num_blocks = scsi_4btoul(cdb->length);
8580		break;
8581	}
8582	case WRITE_VERIFY_12: {
8583		struct scsi_write_verify_12 *cdb;
8584
8585		cdb = (struct scsi_write_verify_12 *)ctsio->cdb;
8586		flags |= CTL_LLF_FUA;
8587		if (cdb->byte2 & SWV_DPO)
8588			flags |= CTL_LLF_DPO;
8589		lba = scsi_4btoul(cdb->addr);
8590		num_blocks = scsi_4btoul(cdb->length);
8591		break;
8592	}
8593	case READ_16:
8594	case WRITE_16: {
8595		struct scsi_rw_16 *cdb;
8596
8597		cdb = (struct scsi_rw_16 *)ctsio->cdb;
8598		if (cdb->byte2 & SRW12_FUA)
8599			flags |= CTL_LLF_FUA;
8600		if (cdb->byte2 & SRW12_DPO)
8601			flags |= CTL_LLF_DPO;
8602		lba = scsi_8btou64(cdb->addr);
8603		num_blocks = scsi_4btoul(cdb->length);
8604		break;
8605	}
8606	case WRITE_ATOMIC_16: {
8607		struct scsi_write_atomic_16 *cdb;
8608
8609		if (lun->be_lun->atomicblock == 0) {
8610			ctl_set_invalid_opcode(ctsio);
8611			ctl_done((union ctl_io *)ctsio);
8612			return (CTL_RETVAL_COMPLETE);
8613		}
8614
8615		cdb = (struct scsi_write_atomic_16 *)ctsio->cdb;
8616		if (cdb->byte2 & SRW12_FUA)
8617			flags |= CTL_LLF_FUA;
8618		if (cdb->byte2 & SRW12_DPO)
8619			flags |= CTL_LLF_DPO;
8620		lba = scsi_8btou64(cdb->addr);
8621		num_blocks = scsi_2btoul(cdb->length);
8622		if (num_blocks > lun->be_lun->atomicblock) {
8623			ctl_set_invalid_field(ctsio, /*sks_valid*/ 1,
8624			    /*command*/ 1, /*field*/ 12, /*bit_valid*/ 0,
8625			    /*bit*/ 0);
8626			ctl_done((union ctl_io *)ctsio);
8627			return (CTL_RETVAL_COMPLETE);
8628		}
8629		break;
8630	}
8631	case WRITE_VERIFY_16: {
8632		struct scsi_write_verify_16 *cdb;
8633
8634		cdb = (struct scsi_write_verify_16 *)ctsio->cdb;
8635		flags |= CTL_LLF_FUA;
8636		if (cdb->byte2 & SWV_DPO)
8637			flags |= CTL_LLF_DPO;
8638		lba = scsi_8btou64(cdb->addr);
8639		num_blocks = scsi_4btoul(cdb->length);
8640		break;
8641	}
8642	default:
8643		/*
8644		 * We got a command we don't support.  This shouldn't
8645		 * happen, commands should be filtered out above us.
8646		 */
8647		ctl_set_invalid_opcode(ctsio);
8648		ctl_done((union ctl_io *)ctsio);
8649
8650		return (CTL_RETVAL_COMPLETE);
8651		break; /* NOTREACHED */
8652	}
8653
8654	/*
8655	 * The first check is to make sure we're in bounds, the second
8656	 * check is to catch wrap-around problems.  If the lba + num blocks
8657	 * is less than the lba, then we've wrapped around and the block
8658	 * range is invalid anyway.
8659	 */
8660	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
8661	 || ((lba + num_blocks) < lba)) {
8662		ctl_set_lba_out_of_range(ctsio);
8663		ctl_done((union ctl_io *)ctsio);
8664		return (CTL_RETVAL_COMPLETE);
8665	}
8666
8667	/*
8668	 * According to SBC-3, a transfer length of 0 is not an error.
8669	 * Note that this cannot happen with WRITE(6) or READ(6), since 0
8670	 * translates to 256 blocks for those commands.
8671	 */
8672	if (num_blocks == 0) {
8673		ctl_set_success(ctsio);
8674		ctl_done((union ctl_io *)ctsio);
8675		return (CTL_RETVAL_COMPLETE);
8676	}
8677
8678	/* Set FUA and/or DPO if caches are disabled. */
8679	if (isread) {
8680		if ((lun->mode_pages.caching_page[CTL_PAGE_CURRENT].flags1 &
8681		    SCP_RCD) != 0)
8682			flags |= CTL_LLF_FUA | CTL_LLF_DPO;
8683	} else {
8684		if ((lun->mode_pages.caching_page[CTL_PAGE_CURRENT].flags1 &
8685		    SCP_WCE) == 0)
8686			flags |= CTL_LLF_FUA;
8687	}
8688
8689	lbalen = (struct ctl_lba_len_flags *)
8690	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
8691	lbalen->lba = lba;
8692	lbalen->len = num_blocks;
8693	lbalen->flags = (isread ? CTL_LLF_READ : CTL_LLF_WRITE) | flags;
8694
8695	ctsio->kern_total_len = num_blocks * lun->be_lun->blocksize;
8696	ctsio->kern_rel_offset = 0;
8697
8698	CTL_DEBUG_PRINT(("ctl_read_write: calling data_submit()\n"));
8699
8700	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8701	return (retval);
8702}
8703
8704static int
8705ctl_cnw_cont(union ctl_io *io)
8706{
8707	struct ctl_scsiio *ctsio;
8708	struct ctl_lun *lun;
8709	struct ctl_lba_len_flags *lbalen;
8710	int retval;
8711
8712	ctsio = &io->scsiio;
8713	ctsio->io_hdr.status = CTL_STATUS_NONE;
8714	ctsio->io_hdr.flags &= ~CTL_FLAG_IO_CONT;
8715	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8716	lbalen = (struct ctl_lba_len_flags *)
8717	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
8718	lbalen->flags &= ~CTL_LLF_COMPARE;
8719	lbalen->flags |= CTL_LLF_WRITE;
8720
8721	CTL_DEBUG_PRINT(("ctl_cnw_cont: calling data_submit()\n"));
8722	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8723	return (retval);
8724}
8725
8726int
8727ctl_cnw(struct ctl_scsiio *ctsio)
8728{
8729	struct ctl_lun *lun;
8730	struct ctl_lba_len_flags *lbalen;
8731	uint64_t lba;
8732	uint32_t num_blocks;
8733	int flags, retval;
8734
8735	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8736
8737	CTL_DEBUG_PRINT(("ctl_cnw: command: %#x\n", ctsio->cdb[0]));
8738
8739	flags = 0;
8740	switch (ctsio->cdb[0]) {
8741	case COMPARE_AND_WRITE: {
8742		struct scsi_compare_and_write *cdb;
8743
8744		cdb = (struct scsi_compare_and_write *)ctsio->cdb;
8745		if (cdb->byte2 & SRW10_FUA)
8746			flags |= CTL_LLF_FUA;
8747		if (cdb->byte2 & SRW10_DPO)
8748			flags |= CTL_LLF_DPO;
8749		lba = scsi_8btou64(cdb->addr);
8750		num_blocks = cdb->length;
8751		break;
8752	}
8753	default:
8754		/*
8755		 * We got a command we don't support.  This shouldn't
8756		 * happen, commands should be filtered out above us.
8757		 */
8758		ctl_set_invalid_opcode(ctsio);
8759		ctl_done((union ctl_io *)ctsio);
8760
8761		return (CTL_RETVAL_COMPLETE);
8762		break; /* NOTREACHED */
8763	}
8764
8765	/*
8766	 * The first check is to make sure we're in bounds, the second
8767	 * check is to catch wrap-around problems.  If the lba + num blocks
8768	 * is less than the lba, then we've wrapped around and the block
8769	 * range is invalid anyway.
8770	 */
8771	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
8772	 || ((lba + num_blocks) < lba)) {
8773		ctl_set_lba_out_of_range(ctsio);
8774		ctl_done((union ctl_io *)ctsio);
8775		return (CTL_RETVAL_COMPLETE);
8776	}
8777
8778	/*
8779	 * According to SBC-3, a transfer length of 0 is not an error.
8780	 */
8781	if (num_blocks == 0) {
8782		ctl_set_success(ctsio);
8783		ctl_done((union ctl_io *)ctsio);
8784		return (CTL_RETVAL_COMPLETE);
8785	}
8786
8787	/* Set FUA if write cache is disabled. */
8788	if ((lun->mode_pages.caching_page[CTL_PAGE_CURRENT].flags1 &
8789	    SCP_WCE) == 0)
8790		flags |= CTL_LLF_FUA;
8791
8792	ctsio->kern_total_len = 2 * num_blocks * lun->be_lun->blocksize;
8793	ctsio->kern_rel_offset = 0;
8794
8795	/*
8796	 * Set the IO_CONT flag, so that if this I/O gets passed to
8797	 * ctl_data_submit_done(), it'll get passed back to
8798	 * ctl_ctl_cnw_cont() for further processing.
8799	 */
8800	ctsio->io_hdr.flags |= CTL_FLAG_IO_CONT;
8801	ctsio->io_cont = ctl_cnw_cont;
8802
8803	lbalen = (struct ctl_lba_len_flags *)
8804	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
8805	lbalen->lba = lba;
8806	lbalen->len = num_blocks;
8807	lbalen->flags = CTL_LLF_COMPARE | flags;
8808
8809	CTL_DEBUG_PRINT(("ctl_cnw: calling data_submit()\n"));
8810	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8811	return (retval);
8812}
8813
8814int
8815ctl_verify(struct ctl_scsiio *ctsio)
8816{
8817	struct ctl_lun *lun;
8818	struct ctl_lba_len_flags *lbalen;
8819	uint64_t lba;
8820	uint32_t num_blocks;
8821	int bytchk, flags;
8822	int retval;
8823
8824	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8825
8826	CTL_DEBUG_PRINT(("ctl_verify: command: %#x\n", ctsio->cdb[0]));
8827
8828	bytchk = 0;
8829	flags = CTL_LLF_FUA;
8830	switch (ctsio->cdb[0]) {
8831	case VERIFY_10: {
8832		struct scsi_verify_10 *cdb;
8833
8834		cdb = (struct scsi_verify_10 *)ctsio->cdb;
8835		if (cdb->byte2 & SVFY_BYTCHK)
8836			bytchk = 1;
8837		if (cdb->byte2 & SVFY_DPO)
8838			flags |= CTL_LLF_DPO;
8839		lba = scsi_4btoul(cdb->addr);
8840		num_blocks = scsi_2btoul(cdb->length);
8841		break;
8842	}
8843	case VERIFY_12: {
8844		struct scsi_verify_12 *cdb;
8845
8846		cdb = (struct scsi_verify_12 *)ctsio->cdb;
8847		if (cdb->byte2 & SVFY_BYTCHK)
8848			bytchk = 1;
8849		if (cdb->byte2 & SVFY_DPO)
8850			flags |= CTL_LLF_DPO;
8851		lba = scsi_4btoul(cdb->addr);
8852		num_blocks = scsi_4btoul(cdb->length);
8853		break;
8854	}
8855	case VERIFY_16: {
8856		struct scsi_rw_16 *cdb;
8857
8858		cdb = (struct scsi_rw_16 *)ctsio->cdb;
8859		if (cdb->byte2 & SVFY_BYTCHK)
8860			bytchk = 1;
8861		if (cdb->byte2 & SVFY_DPO)
8862			flags |= CTL_LLF_DPO;
8863		lba = scsi_8btou64(cdb->addr);
8864		num_blocks = scsi_4btoul(cdb->length);
8865		break;
8866	}
8867	default:
8868		/*
8869		 * We got a command we don't support.  This shouldn't
8870		 * happen, commands should be filtered out above us.
8871		 */
8872		ctl_set_invalid_opcode(ctsio);
8873		ctl_done((union ctl_io *)ctsio);
8874		return (CTL_RETVAL_COMPLETE);
8875	}
8876
8877	/*
8878	 * The first check is to make sure we're in bounds, the second
8879	 * check is to catch wrap-around problems.  If the lba + num blocks
8880	 * is less than the lba, then we've wrapped around and the block
8881	 * range is invalid anyway.
8882	 */
8883	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
8884	 || ((lba + num_blocks) < lba)) {
8885		ctl_set_lba_out_of_range(ctsio);
8886		ctl_done((union ctl_io *)ctsio);
8887		return (CTL_RETVAL_COMPLETE);
8888	}
8889
8890	/*
8891	 * According to SBC-3, a transfer length of 0 is not an error.
8892	 */
8893	if (num_blocks == 0) {
8894		ctl_set_success(ctsio);
8895		ctl_done((union ctl_io *)ctsio);
8896		return (CTL_RETVAL_COMPLETE);
8897	}
8898
8899	lbalen = (struct ctl_lba_len_flags *)
8900	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
8901	lbalen->lba = lba;
8902	lbalen->len = num_blocks;
8903	if (bytchk) {
8904		lbalen->flags = CTL_LLF_COMPARE | flags;
8905		ctsio->kern_total_len = num_blocks * lun->be_lun->blocksize;
8906	} else {
8907		lbalen->flags = CTL_LLF_VERIFY | flags;
8908		ctsio->kern_total_len = 0;
8909	}
8910	ctsio->kern_rel_offset = 0;
8911
8912	CTL_DEBUG_PRINT(("ctl_verify: calling data_submit()\n"));
8913	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8914	return (retval);
8915}
8916
8917int
8918ctl_report_luns(struct ctl_scsiio *ctsio)
8919{
8920	struct ctl_softc *softc;
8921	struct scsi_report_luns *cdb;
8922	struct scsi_report_luns_data *lun_data;
8923	struct ctl_lun *lun, *request_lun;
8924	struct ctl_port *port;
8925	int num_luns, retval;
8926	uint32_t alloc_len, lun_datalen;
8927	int num_filled;
8928	uint32_t initidx, targ_lun_id, lun_id;
8929
8930	retval = CTL_RETVAL_COMPLETE;
8931	cdb = (struct scsi_report_luns *)ctsio->cdb;
8932	port = ctl_io_port(&ctsio->io_hdr);
8933	softc = port->ctl_softc;
8934
8935	CTL_DEBUG_PRINT(("ctl_report_luns\n"));
8936
8937	mtx_lock(&softc->ctl_lock);
8938	num_luns = 0;
8939	for (targ_lun_id = 0; targ_lun_id < CTL_MAX_LUNS; targ_lun_id++) {
8940		if (ctl_lun_map_from_port(port, targ_lun_id) < CTL_MAX_LUNS)
8941			num_luns++;
8942	}
8943	mtx_unlock(&softc->ctl_lock);
8944
8945	switch (cdb->select_report) {
8946	case RPL_REPORT_DEFAULT:
8947	case RPL_REPORT_ALL:
8948	case RPL_REPORT_NONSUBSID:
8949		break;
8950	case RPL_REPORT_WELLKNOWN:
8951	case RPL_REPORT_ADMIN:
8952	case RPL_REPORT_CONGLOM:
8953		num_luns = 0;
8954		break;
8955	default:
8956		ctl_set_invalid_field(ctsio,
8957				      /*sks_valid*/ 1,
8958				      /*command*/ 1,
8959				      /*field*/ 2,
8960				      /*bit_valid*/ 0,
8961				      /*bit*/ 0);
8962		ctl_done((union ctl_io *)ctsio);
8963		return (retval);
8964		break; /* NOTREACHED */
8965	}
8966
8967	alloc_len = scsi_4btoul(cdb->length);
8968	/*
8969	 * The initiator has to allocate at least 16 bytes for this request,
8970	 * so he can at least get the header and the first LUN.  Otherwise
8971	 * we reject the request (per SPC-3 rev 14, section 6.21).
8972	 */
8973	if (alloc_len < (sizeof(struct scsi_report_luns_data) +
8974	    sizeof(struct scsi_report_luns_lundata))) {
8975		ctl_set_invalid_field(ctsio,
8976				      /*sks_valid*/ 1,
8977				      /*command*/ 1,
8978				      /*field*/ 6,
8979				      /*bit_valid*/ 0,
8980				      /*bit*/ 0);
8981		ctl_done((union ctl_io *)ctsio);
8982		return (retval);
8983	}
8984
8985	request_lun = (struct ctl_lun *)
8986		ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8987
8988	lun_datalen = sizeof(*lun_data) +
8989		(num_luns * sizeof(struct scsi_report_luns_lundata));
8990
8991	ctsio->kern_data_ptr = malloc(lun_datalen, M_CTL, M_WAITOK | M_ZERO);
8992	lun_data = (struct scsi_report_luns_data *)ctsio->kern_data_ptr;
8993	ctsio->kern_sg_entries = 0;
8994
8995	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
8996
8997	mtx_lock(&softc->ctl_lock);
8998	for (targ_lun_id = 0, num_filled = 0; targ_lun_id < CTL_MAX_LUNS && num_filled < num_luns; targ_lun_id++) {
8999		lun_id = ctl_lun_map_from_port(port, targ_lun_id);
9000		if (lun_id >= CTL_MAX_LUNS)
9001			continue;
9002		lun = softc->ctl_luns[lun_id];
9003		if (lun == NULL)
9004			continue;
9005
9006		if (targ_lun_id <= 0xff) {
9007			/*
9008			 * Peripheral addressing method, bus number 0.
9009			 */
9010			lun_data->luns[num_filled].lundata[0] =
9011				RPL_LUNDATA_ATYP_PERIPH;
9012			lun_data->luns[num_filled].lundata[1] = targ_lun_id;
9013			num_filled++;
9014		} else if (targ_lun_id <= 0x3fff) {
9015			/*
9016			 * Flat addressing method.
9017			 */
9018			lun_data->luns[num_filled].lundata[0] =
9019				RPL_LUNDATA_ATYP_FLAT | (targ_lun_id >> 8);
9020			lun_data->luns[num_filled].lundata[1] =
9021				(targ_lun_id & 0xff);
9022			num_filled++;
9023		} else if (targ_lun_id <= 0xffffff) {
9024			/*
9025			 * Extended flat addressing method.
9026			 */
9027			lun_data->luns[num_filled].lundata[0] =
9028			    RPL_LUNDATA_ATYP_EXTLUN | 0x12;
9029			scsi_ulto3b(targ_lun_id,
9030			    &lun_data->luns[num_filled].lundata[1]);
9031			num_filled++;
9032		} else {
9033			printf("ctl_report_luns: bogus LUN number %jd, "
9034			       "skipping\n", (intmax_t)targ_lun_id);
9035		}
9036		/*
9037		 * According to SPC-3, rev 14 section 6.21:
9038		 *
9039		 * "The execution of a REPORT LUNS command to any valid and
9040		 * installed logical unit shall clear the REPORTED LUNS DATA
9041		 * HAS CHANGED unit attention condition for all logical
9042		 * units of that target with respect to the requesting
9043		 * initiator. A valid and installed logical unit is one
9044		 * having a PERIPHERAL QUALIFIER of 000b in the standard
9045		 * INQUIRY data (see 6.4.2)."
9046		 *
9047		 * If request_lun is NULL, the LUN this report luns command
9048		 * was issued to is either disabled or doesn't exist. In that
9049		 * case, we shouldn't clear any pending lun change unit
9050		 * attention.
9051		 */
9052		if (request_lun != NULL) {
9053			mtx_lock(&lun->lun_lock);
9054			ctl_clr_ua(lun, initidx, CTL_UA_LUN_CHANGE);
9055			mtx_unlock(&lun->lun_lock);
9056		}
9057	}
9058	mtx_unlock(&softc->ctl_lock);
9059
9060	/*
9061	 * It's quite possible that we've returned fewer LUNs than we allocated
9062	 * space for.  Trim it.
9063	 */
9064	lun_datalen = sizeof(*lun_data) +
9065		(num_filled * sizeof(struct scsi_report_luns_lundata));
9066
9067	if (lun_datalen < alloc_len) {
9068		ctsio->residual = alloc_len - lun_datalen;
9069		ctsio->kern_data_len = lun_datalen;
9070		ctsio->kern_total_len = lun_datalen;
9071	} else {
9072		ctsio->residual = 0;
9073		ctsio->kern_data_len = alloc_len;
9074		ctsio->kern_total_len = alloc_len;
9075	}
9076	ctsio->kern_data_resid = 0;
9077	ctsio->kern_rel_offset = 0;
9078	ctsio->kern_sg_entries = 0;
9079
9080	/*
9081	 * We set this to the actual data length, regardless of how much
9082	 * space we actually have to return results.  If the user looks at
9083	 * this value, he'll know whether or not he allocated enough space
9084	 * and reissue the command if necessary.  We don't support well
9085	 * known logical units, so if the user asks for that, return none.
9086	 */
9087	scsi_ulto4b(lun_datalen - 8, lun_data->length);
9088
9089	/*
9090	 * We can only return SCSI_STATUS_CHECK_COND when we can't satisfy
9091	 * this request.
9092	 */
9093	ctl_set_success(ctsio);
9094	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9095	ctsio->be_move_done = ctl_config_move_done;
9096	ctl_datamove((union ctl_io *)ctsio);
9097	return (retval);
9098}
9099
9100int
9101ctl_request_sense(struct ctl_scsiio *ctsio)
9102{
9103	struct scsi_request_sense *cdb;
9104	struct scsi_sense_data *sense_ptr;
9105	struct ctl_softc *ctl_softc;
9106	struct ctl_lun *lun;
9107	uint32_t initidx;
9108	int have_error;
9109	scsi_sense_data_type sense_format;
9110	ctl_ua_type ua_type;
9111
9112	cdb = (struct scsi_request_sense *)ctsio->cdb;
9113
9114	ctl_softc = control_softc;
9115	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9116
9117	CTL_DEBUG_PRINT(("ctl_request_sense\n"));
9118
9119	/*
9120	 * Determine which sense format the user wants.
9121	 */
9122	if (cdb->byte2 & SRS_DESC)
9123		sense_format = SSD_TYPE_DESC;
9124	else
9125		sense_format = SSD_TYPE_FIXED;
9126
9127	ctsio->kern_data_ptr = malloc(sizeof(*sense_ptr), M_CTL, M_WAITOK);
9128	sense_ptr = (struct scsi_sense_data *)ctsio->kern_data_ptr;
9129	ctsio->kern_sg_entries = 0;
9130
9131	/*
9132	 * struct scsi_sense_data, which is currently set to 256 bytes, is
9133	 * larger than the largest allowed value for the length field in the
9134	 * REQUEST SENSE CDB, which is 252 bytes as of SPC-4.
9135	 */
9136	ctsio->residual = 0;
9137	ctsio->kern_data_len = cdb->length;
9138	ctsio->kern_total_len = cdb->length;
9139
9140	ctsio->kern_data_resid = 0;
9141	ctsio->kern_rel_offset = 0;
9142	ctsio->kern_sg_entries = 0;
9143
9144	/*
9145	 * If we don't have a LUN, we don't have any pending sense.
9146	 */
9147	if (lun == NULL)
9148		goto no_sense;
9149
9150	have_error = 0;
9151	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
9152	/*
9153	 * Check for pending sense, and then for pending unit attentions.
9154	 * Pending sense gets returned first, then pending unit attentions.
9155	 */
9156	mtx_lock(&lun->lun_lock);
9157#ifdef CTL_WITH_CA
9158	if (ctl_is_set(lun->have_ca, initidx)) {
9159		scsi_sense_data_type stored_format;
9160
9161		/*
9162		 * Check to see which sense format was used for the stored
9163		 * sense data.
9164		 */
9165		stored_format = scsi_sense_type(&lun->pending_sense[initidx]);
9166
9167		/*
9168		 * If the user requested a different sense format than the
9169		 * one we stored, then we need to convert it to the other
9170		 * format.  If we're going from descriptor to fixed format
9171		 * sense data, we may lose things in translation, depending
9172		 * on what options were used.
9173		 *
9174		 * If the stored format is SSD_TYPE_NONE (i.e. invalid),
9175		 * for some reason we'll just copy it out as-is.
9176		 */
9177		if ((stored_format == SSD_TYPE_FIXED)
9178		 && (sense_format == SSD_TYPE_DESC))
9179			ctl_sense_to_desc((struct scsi_sense_data_fixed *)
9180			    &lun->pending_sense[initidx],
9181			    (struct scsi_sense_data_desc *)sense_ptr);
9182		else if ((stored_format == SSD_TYPE_DESC)
9183		      && (sense_format == SSD_TYPE_FIXED))
9184			ctl_sense_to_fixed((struct scsi_sense_data_desc *)
9185			    &lun->pending_sense[initidx],
9186			    (struct scsi_sense_data_fixed *)sense_ptr);
9187		else
9188			memcpy(sense_ptr, &lun->pending_sense[initidx],
9189			       MIN(sizeof(*sense_ptr),
9190			       sizeof(lun->pending_sense[initidx])));
9191
9192		ctl_clear_mask(lun->have_ca, initidx);
9193		have_error = 1;
9194	} else
9195#endif
9196	{
9197		ua_type = ctl_build_ua(lun, initidx, sense_ptr, sense_format);
9198		if (ua_type != CTL_UA_NONE)
9199			have_error = 1;
9200		if (ua_type == CTL_UA_LUN_CHANGE) {
9201			mtx_unlock(&lun->lun_lock);
9202			mtx_lock(&ctl_softc->ctl_lock);
9203			ctl_clr_ua_allluns(ctl_softc, initidx, ua_type);
9204			mtx_unlock(&ctl_softc->ctl_lock);
9205			mtx_lock(&lun->lun_lock);
9206		}
9207
9208	}
9209	mtx_unlock(&lun->lun_lock);
9210
9211	/*
9212	 * We already have a pending error, return it.
9213	 */
9214	if (have_error != 0) {
9215		/*
9216		 * We report the SCSI status as OK, since the status of the
9217		 * request sense command itself is OK.
9218		 * We report 0 for the sense length, because we aren't doing
9219		 * autosense in this case.  We're reporting sense as
9220		 * parameter data.
9221		 */
9222		ctl_set_success(ctsio);
9223		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9224		ctsio->be_move_done = ctl_config_move_done;
9225		ctl_datamove((union ctl_io *)ctsio);
9226		return (CTL_RETVAL_COMPLETE);
9227	}
9228
9229no_sense:
9230
9231	/*
9232	 * No sense information to report, so we report that everything is
9233	 * okay.
9234	 */
9235	ctl_set_sense_data(sense_ptr,
9236			   lun,
9237			   sense_format,
9238			   /*current_error*/ 1,
9239			   /*sense_key*/ SSD_KEY_NO_SENSE,
9240			   /*asc*/ 0x00,
9241			   /*ascq*/ 0x00,
9242			   SSD_ELEM_NONE);
9243
9244	/*
9245	 * We report 0 for the sense length, because we aren't doing
9246	 * autosense in this case.  We're reporting sense as parameter data.
9247	 */
9248	ctl_set_success(ctsio);
9249	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9250	ctsio->be_move_done = ctl_config_move_done;
9251	ctl_datamove((union ctl_io *)ctsio);
9252	return (CTL_RETVAL_COMPLETE);
9253}
9254
9255int
9256ctl_tur(struct ctl_scsiio *ctsio)
9257{
9258
9259	CTL_DEBUG_PRINT(("ctl_tur\n"));
9260
9261	ctl_set_success(ctsio);
9262	ctl_done((union ctl_io *)ctsio);
9263
9264	return (CTL_RETVAL_COMPLETE);
9265}
9266
9267/*
9268 * SCSI VPD page 0x00, the Supported VPD Pages page.
9269 */
9270static int
9271ctl_inquiry_evpd_supported(struct ctl_scsiio *ctsio, int alloc_len)
9272{
9273	struct scsi_vpd_supported_pages *pages;
9274	int sup_page_size;
9275	struct ctl_lun *lun;
9276	int p;
9277
9278	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9279
9280	sup_page_size = sizeof(struct scsi_vpd_supported_pages) *
9281	    SCSI_EVPD_NUM_SUPPORTED_PAGES;
9282	ctsio->kern_data_ptr = malloc(sup_page_size, M_CTL, M_WAITOK | M_ZERO);
9283	pages = (struct scsi_vpd_supported_pages *)ctsio->kern_data_ptr;
9284	ctsio->kern_sg_entries = 0;
9285
9286	if (sup_page_size < alloc_len) {
9287		ctsio->residual = alloc_len - sup_page_size;
9288		ctsio->kern_data_len = sup_page_size;
9289		ctsio->kern_total_len = sup_page_size;
9290	} else {
9291		ctsio->residual = 0;
9292		ctsio->kern_data_len = alloc_len;
9293		ctsio->kern_total_len = alloc_len;
9294	}
9295	ctsio->kern_data_resid = 0;
9296	ctsio->kern_rel_offset = 0;
9297	ctsio->kern_sg_entries = 0;
9298
9299	/*
9300	 * The control device is always connected.  The disk device, on the
9301	 * other hand, may not be online all the time.  Need to change this
9302	 * to figure out whether the disk device is actually online or not.
9303	 */
9304	if (lun != NULL)
9305		pages->device = (SID_QUAL_LU_CONNECTED << 5) |
9306				lun->be_lun->lun_type;
9307	else
9308		pages->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9309
9310	p = 0;
9311	/* Supported VPD pages */
9312	pages->page_list[p++] = SVPD_SUPPORTED_PAGES;
9313	/* Serial Number */
9314	pages->page_list[p++] = SVPD_UNIT_SERIAL_NUMBER;
9315	/* Device Identification */
9316	pages->page_list[p++] = SVPD_DEVICE_ID;
9317	/* Extended INQUIRY Data */
9318	pages->page_list[p++] = SVPD_EXTENDED_INQUIRY_DATA;
9319	/* Mode Page Policy */
9320	pages->page_list[p++] = SVPD_MODE_PAGE_POLICY;
9321	/* SCSI Ports */
9322	pages->page_list[p++] = SVPD_SCSI_PORTS;
9323	/* Third-party Copy */
9324	pages->page_list[p++] = SVPD_SCSI_TPC;
9325	if (lun != NULL && lun->be_lun->lun_type == T_DIRECT) {
9326		/* Block limits */
9327		pages->page_list[p++] = SVPD_BLOCK_LIMITS;
9328		/* Block Device Characteristics */
9329		pages->page_list[p++] = SVPD_BDC;
9330		/* Logical Block Provisioning */
9331		pages->page_list[p++] = SVPD_LBP;
9332	}
9333	pages->length = p;
9334
9335	ctl_set_success(ctsio);
9336	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9337	ctsio->be_move_done = ctl_config_move_done;
9338	ctl_datamove((union ctl_io *)ctsio);
9339	return (CTL_RETVAL_COMPLETE);
9340}
9341
9342/*
9343 * SCSI VPD page 0x80, the Unit Serial Number page.
9344 */
9345static int
9346ctl_inquiry_evpd_serial(struct ctl_scsiio *ctsio, int alloc_len)
9347{
9348	struct scsi_vpd_unit_serial_number *sn_ptr;
9349	struct ctl_lun *lun;
9350	int data_len;
9351
9352	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9353
9354	data_len = 4 + CTL_SN_LEN;
9355	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9356	sn_ptr = (struct scsi_vpd_unit_serial_number *)ctsio->kern_data_ptr;
9357	if (data_len < alloc_len) {
9358		ctsio->residual = alloc_len - data_len;
9359		ctsio->kern_data_len = data_len;
9360		ctsio->kern_total_len = data_len;
9361	} else {
9362		ctsio->residual = 0;
9363		ctsio->kern_data_len = alloc_len;
9364		ctsio->kern_total_len = alloc_len;
9365	}
9366	ctsio->kern_data_resid = 0;
9367	ctsio->kern_rel_offset = 0;
9368	ctsio->kern_sg_entries = 0;
9369
9370	/*
9371	 * The control device is always connected.  The disk device, on the
9372	 * other hand, may not be online all the time.  Need to change this
9373	 * to figure out whether the disk device is actually online or not.
9374	 */
9375	if (lun != NULL)
9376		sn_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9377				  lun->be_lun->lun_type;
9378	else
9379		sn_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9380
9381	sn_ptr->page_code = SVPD_UNIT_SERIAL_NUMBER;
9382	sn_ptr->length = CTL_SN_LEN;
9383	/*
9384	 * If we don't have a LUN, we just leave the serial number as
9385	 * all spaces.
9386	 */
9387	if (lun != NULL) {
9388		strncpy((char *)sn_ptr->serial_num,
9389			(char *)lun->be_lun->serial_num, CTL_SN_LEN);
9390	} else
9391		memset(sn_ptr->serial_num, 0x20, CTL_SN_LEN);
9392
9393	ctl_set_success(ctsio);
9394	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9395	ctsio->be_move_done = ctl_config_move_done;
9396	ctl_datamove((union ctl_io *)ctsio);
9397	return (CTL_RETVAL_COMPLETE);
9398}
9399
9400
9401/*
9402 * SCSI VPD page 0x86, the Extended INQUIRY Data page.
9403 */
9404static int
9405ctl_inquiry_evpd_eid(struct ctl_scsiio *ctsio, int alloc_len)
9406{
9407	struct scsi_vpd_extended_inquiry_data *eid_ptr;
9408	struct ctl_lun *lun;
9409	int data_len;
9410
9411	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9412
9413	data_len = sizeof(struct scsi_vpd_extended_inquiry_data);
9414	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9415	eid_ptr = (struct scsi_vpd_extended_inquiry_data *)ctsio->kern_data_ptr;
9416	ctsio->kern_sg_entries = 0;
9417
9418	if (data_len < alloc_len) {
9419		ctsio->residual = alloc_len - data_len;
9420		ctsio->kern_data_len = data_len;
9421		ctsio->kern_total_len = data_len;
9422	} else {
9423		ctsio->residual = 0;
9424		ctsio->kern_data_len = alloc_len;
9425		ctsio->kern_total_len = alloc_len;
9426	}
9427	ctsio->kern_data_resid = 0;
9428	ctsio->kern_rel_offset = 0;
9429	ctsio->kern_sg_entries = 0;
9430
9431	/*
9432	 * The control device is always connected.  The disk device, on the
9433	 * other hand, may not be online all the time.
9434	 */
9435	if (lun != NULL)
9436		eid_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9437				     lun->be_lun->lun_type;
9438	else
9439		eid_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9440	eid_ptr->page_code = SVPD_EXTENDED_INQUIRY_DATA;
9441	scsi_ulto2b(data_len - 4, eid_ptr->page_length);
9442	/*
9443	 * We support head of queue, ordered and simple tags.
9444	 */
9445	eid_ptr->flags2 = SVPD_EID_HEADSUP | SVPD_EID_ORDSUP | SVPD_EID_SIMPSUP;
9446	/*
9447	 * Volatile cache supported.
9448	 */
9449	eid_ptr->flags3 = SVPD_EID_V_SUP;
9450
9451	/*
9452	 * This means that we clear the REPORTED LUNS DATA HAS CHANGED unit
9453	 * attention for a particular IT nexus on all LUNs once we report
9454	 * it to that nexus once.  This bit is required as of SPC-4.
9455	 */
9456	eid_ptr->flags4 = SVPD_EID_LUICLT;
9457
9458	/*
9459	 * XXX KDM in order to correctly answer this, we would need
9460	 * information from the SIM to determine how much sense data it
9461	 * can send.  So this would really be a path inquiry field, most
9462	 * likely.  This can be set to a maximum of 252 according to SPC-4,
9463	 * but the hardware may or may not be able to support that much.
9464	 * 0 just means that the maximum sense data length is not reported.
9465	 */
9466	eid_ptr->max_sense_length = 0;
9467
9468	ctl_set_success(ctsio);
9469	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9470	ctsio->be_move_done = ctl_config_move_done;
9471	ctl_datamove((union ctl_io *)ctsio);
9472	return (CTL_RETVAL_COMPLETE);
9473}
9474
9475static int
9476ctl_inquiry_evpd_mpp(struct ctl_scsiio *ctsio, int alloc_len)
9477{
9478	struct scsi_vpd_mode_page_policy *mpp_ptr;
9479	struct ctl_lun *lun;
9480	int data_len;
9481
9482	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9483
9484	data_len = sizeof(struct scsi_vpd_mode_page_policy) +
9485	    sizeof(struct scsi_vpd_mode_page_policy_descr);
9486
9487	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9488	mpp_ptr = (struct scsi_vpd_mode_page_policy *)ctsio->kern_data_ptr;
9489	ctsio->kern_sg_entries = 0;
9490
9491	if (data_len < alloc_len) {
9492		ctsio->residual = alloc_len - data_len;
9493		ctsio->kern_data_len = data_len;
9494		ctsio->kern_total_len = data_len;
9495	} else {
9496		ctsio->residual = 0;
9497		ctsio->kern_data_len = alloc_len;
9498		ctsio->kern_total_len = alloc_len;
9499	}
9500	ctsio->kern_data_resid = 0;
9501	ctsio->kern_rel_offset = 0;
9502	ctsio->kern_sg_entries = 0;
9503
9504	/*
9505	 * The control device is always connected.  The disk device, on the
9506	 * other hand, may not be online all the time.
9507	 */
9508	if (lun != NULL)
9509		mpp_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9510				     lun->be_lun->lun_type;
9511	else
9512		mpp_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9513	mpp_ptr->page_code = SVPD_MODE_PAGE_POLICY;
9514	scsi_ulto2b(data_len - 4, mpp_ptr->page_length);
9515	mpp_ptr->descr[0].page_code = 0x3f;
9516	mpp_ptr->descr[0].subpage_code = 0xff;
9517	mpp_ptr->descr[0].policy = SVPD_MPP_SHARED;
9518
9519	ctl_set_success(ctsio);
9520	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9521	ctsio->be_move_done = ctl_config_move_done;
9522	ctl_datamove((union ctl_io *)ctsio);
9523	return (CTL_RETVAL_COMPLETE);
9524}
9525
9526/*
9527 * SCSI VPD page 0x83, the Device Identification page.
9528 */
9529static int
9530ctl_inquiry_evpd_devid(struct ctl_scsiio *ctsio, int alloc_len)
9531{
9532	struct scsi_vpd_device_id *devid_ptr;
9533	struct scsi_vpd_id_descriptor *desc;
9534	struct ctl_softc *softc;
9535	struct ctl_lun *lun;
9536	struct ctl_port *port;
9537	int data_len;
9538	uint8_t proto;
9539
9540	softc = control_softc;
9541
9542	port = ctl_io_port(&ctsio->io_hdr);
9543	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9544
9545	data_len = sizeof(struct scsi_vpd_device_id) +
9546	    sizeof(struct scsi_vpd_id_descriptor) +
9547		sizeof(struct scsi_vpd_id_rel_trgt_port_id) +
9548	    sizeof(struct scsi_vpd_id_descriptor) +
9549		sizeof(struct scsi_vpd_id_trgt_port_grp_id);
9550	if (lun && lun->lun_devid)
9551		data_len += lun->lun_devid->len;
9552	if (port && port->port_devid)
9553		data_len += port->port_devid->len;
9554	if (port && port->target_devid)
9555		data_len += port->target_devid->len;
9556
9557	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9558	devid_ptr = (struct scsi_vpd_device_id *)ctsio->kern_data_ptr;
9559	ctsio->kern_sg_entries = 0;
9560
9561	if (data_len < alloc_len) {
9562		ctsio->residual = alloc_len - data_len;
9563		ctsio->kern_data_len = data_len;
9564		ctsio->kern_total_len = data_len;
9565	} else {
9566		ctsio->residual = 0;
9567		ctsio->kern_data_len = alloc_len;
9568		ctsio->kern_total_len = alloc_len;
9569	}
9570	ctsio->kern_data_resid = 0;
9571	ctsio->kern_rel_offset = 0;
9572	ctsio->kern_sg_entries = 0;
9573
9574	/*
9575	 * The control device is always connected.  The disk device, on the
9576	 * other hand, may not be online all the time.
9577	 */
9578	if (lun != NULL)
9579		devid_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9580				     lun->be_lun->lun_type;
9581	else
9582		devid_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9583	devid_ptr->page_code = SVPD_DEVICE_ID;
9584	scsi_ulto2b(data_len - 4, devid_ptr->length);
9585
9586	if (port && port->port_type == CTL_PORT_FC)
9587		proto = SCSI_PROTO_FC << 4;
9588	else if (port && port->port_type == CTL_PORT_ISCSI)
9589		proto = SCSI_PROTO_ISCSI << 4;
9590	else
9591		proto = SCSI_PROTO_SPI << 4;
9592	desc = (struct scsi_vpd_id_descriptor *)devid_ptr->desc_list;
9593
9594	/*
9595	 * We're using a LUN association here.  i.e., this device ID is a
9596	 * per-LUN identifier.
9597	 */
9598	if (lun && lun->lun_devid) {
9599		memcpy(desc, lun->lun_devid->data, lun->lun_devid->len);
9600		desc = (struct scsi_vpd_id_descriptor *)((uint8_t *)desc +
9601		    lun->lun_devid->len);
9602	}
9603
9604	/*
9605	 * This is for the WWPN which is a port association.
9606	 */
9607	if (port && port->port_devid) {
9608		memcpy(desc, port->port_devid->data, port->port_devid->len);
9609		desc = (struct scsi_vpd_id_descriptor *)((uint8_t *)desc +
9610		    port->port_devid->len);
9611	}
9612
9613	/*
9614	 * This is for the Relative Target Port(type 4h) identifier
9615	 */
9616	desc->proto_codeset = proto | SVPD_ID_CODESET_BINARY;
9617	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_PORT |
9618	    SVPD_ID_TYPE_RELTARG;
9619	desc->length = 4;
9620	scsi_ulto2b(ctsio->io_hdr.nexus.targ_port, &desc->identifier[2]);
9621	desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
9622	    sizeof(struct scsi_vpd_id_rel_trgt_port_id));
9623
9624	/*
9625	 * This is for the Target Port Group(type 5h) identifier
9626	 */
9627	desc->proto_codeset = proto | SVPD_ID_CODESET_BINARY;
9628	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_PORT |
9629	    SVPD_ID_TYPE_TPORTGRP;
9630	desc->length = 4;
9631	scsi_ulto2b(ctsio->io_hdr.nexus.targ_port / softc->port_cnt + 1,
9632	    &desc->identifier[2]);
9633	desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
9634	    sizeof(struct scsi_vpd_id_trgt_port_grp_id));
9635
9636	/*
9637	 * This is for the Target identifier
9638	 */
9639	if (port && port->target_devid) {
9640		memcpy(desc, port->target_devid->data, port->target_devid->len);
9641	}
9642
9643	ctl_set_success(ctsio);
9644	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9645	ctsio->be_move_done = ctl_config_move_done;
9646	ctl_datamove((union ctl_io *)ctsio);
9647	return (CTL_RETVAL_COMPLETE);
9648}
9649
9650static int
9651ctl_inquiry_evpd_scsi_ports(struct ctl_scsiio *ctsio, int alloc_len)
9652{
9653	struct ctl_softc *softc = control_softc;
9654	struct scsi_vpd_scsi_ports *sp;
9655	struct scsi_vpd_port_designation *pd;
9656	struct scsi_vpd_port_designation_cont *pdc;
9657	struct ctl_lun *lun;
9658	struct ctl_port *port;
9659	int data_len, num_target_ports, iid_len, id_len;
9660
9661	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9662
9663	num_target_ports = 0;
9664	iid_len = 0;
9665	id_len = 0;
9666	mtx_lock(&softc->ctl_lock);
9667	STAILQ_FOREACH(port, &softc->port_list, links) {
9668		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
9669			continue;
9670		if (lun != NULL &&
9671		    ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
9672			continue;
9673		num_target_ports++;
9674		if (port->init_devid)
9675			iid_len += port->init_devid->len;
9676		if (port->port_devid)
9677			id_len += port->port_devid->len;
9678	}
9679	mtx_unlock(&softc->ctl_lock);
9680
9681	data_len = sizeof(struct scsi_vpd_scsi_ports) +
9682	    num_target_ports * (sizeof(struct scsi_vpd_port_designation) +
9683	     sizeof(struct scsi_vpd_port_designation_cont)) + iid_len + id_len;
9684	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9685	sp = (struct scsi_vpd_scsi_ports *)ctsio->kern_data_ptr;
9686	ctsio->kern_sg_entries = 0;
9687
9688	if (data_len < alloc_len) {
9689		ctsio->residual = alloc_len - data_len;
9690		ctsio->kern_data_len = data_len;
9691		ctsio->kern_total_len = data_len;
9692	} else {
9693		ctsio->residual = 0;
9694		ctsio->kern_data_len = alloc_len;
9695		ctsio->kern_total_len = alloc_len;
9696	}
9697	ctsio->kern_data_resid = 0;
9698	ctsio->kern_rel_offset = 0;
9699	ctsio->kern_sg_entries = 0;
9700
9701	/*
9702	 * The control device is always connected.  The disk device, on the
9703	 * other hand, may not be online all the time.  Need to change this
9704	 * to figure out whether the disk device is actually online or not.
9705	 */
9706	if (lun != NULL)
9707		sp->device = (SID_QUAL_LU_CONNECTED << 5) |
9708				  lun->be_lun->lun_type;
9709	else
9710		sp->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9711
9712	sp->page_code = SVPD_SCSI_PORTS;
9713	scsi_ulto2b(data_len - sizeof(struct scsi_vpd_scsi_ports),
9714	    sp->page_length);
9715	pd = &sp->design[0];
9716
9717	mtx_lock(&softc->ctl_lock);
9718	STAILQ_FOREACH(port, &softc->port_list, links) {
9719		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
9720			continue;
9721		if (lun != NULL &&
9722		    ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
9723			continue;
9724		scsi_ulto2b(port->targ_port, pd->relative_port_id);
9725		if (port->init_devid) {
9726			iid_len = port->init_devid->len;
9727			memcpy(pd->initiator_transportid,
9728			    port->init_devid->data, port->init_devid->len);
9729		} else
9730			iid_len = 0;
9731		scsi_ulto2b(iid_len, pd->initiator_transportid_length);
9732		pdc = (struct scsi_vpd_port_designation_cont *)
9733		    (&pd->initiator_transportid[iid_len]);
9734		if (port->port_devid) {
9735			id_len = port->port_devid->len;
9736			memcpy(pdc->target_port_descriptors,
9737			    port->port_devid->data, port->port_devid->len);
9738		} else
9739			id_len = 0;
9740		scsi_ulto2b(id_len, pdc->target_port_descriptors_length);
9741		pd = (struct scsi_vpd_port_designation *)
9742		    ((uint8_t *)pdc->target_port_descriptors + id_len);
9743	}
9744	mtx_unlock(&softc->ctl_lock);
9745
9746	ctl_set_success(ctsio);
9747	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9748	ctsio->be_move_done = ctl_config_move_done;
9749	ctl_datamove((union ctl_io *)ctsio);
9750	return (CTL_RETVAL_COMPLETE);
9751}
9752
9753static int
9754ctl_inquiry_evpd_block_limits(struct ctl_scsiio *ctsio, int alloc_len)
9755{
9756	struct scsi_vpd_block_limits *bl_ptr;
9757	struct ctl_lun *lun;
9758
9759	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9760
9761	ctsio->kern_data_ptr = malloc(sizeof(*bl_ptr), M_CTL, M_WAITOK | M_ZERO);
9762	bl_ptr = (struct scsi_vpd_block_limits *)ctsio->kern_data_ptr;
9763	ctsio->kern_sg_entries = 0;
9764
9765	if (sizeof(*bl_ptr) < alloc_len) {
9766		ctsio->residual = alloc_len - sizeof(*bl_ptr);
9767		ctsio->kern_data_len = sizeof(*bl_ptr);
9768		ctsio->kern_total_len = sizeof(*bl_ptr);
9769	} else {
9770		ctsio->residual = 0;
9771		ctsio->kern_data_len = alloc_len;
9772		ctsio->kern_total_len = alloc_len;
9773	}
9774	ctsio->kern_data_resid = 0;
9775	ctsio->kern_rel_offset = 0;
9776	ctsio->kern_sg_entries = 0;
9777
9778	/*
9779	 * The control device is always connected.  The disk device, on the
9780	 * other hand, may not be online all the time.  Need to change this
9781	 * to figure out whether the disk device is actually online or not.
9782	 */
9783	if (lun != NULL)
9784		bl_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9785				  lun->be_lun->lun_type;
9786	else
9787		bl_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9788
9789	bl_ptr->page_code = SVPD_BLOCK_LIMITS;
9790	scsi_ulto2b(sizeof(*bl_ptr) - 4, bl_ptr->page_length);
9791	bl_ptr->max_cmp_write_len = 0xff;
9792	scsi_ulto4b(0xffffffff, bl_ptr->max_txfer_len);
9793	if (lun != NULL) {
9794		scsi_ulto4b(lun->be_lun->opttxferlen, bl_ptr->opt_txfer_len);
9795		if (lun->be_lun->flags & CTL_LUN_FLAG_UNMAP) {
9796			scsi_ulto4b(0xffffffff, bl_ptr->max_unmap_lba_cnt);
9797			scsi_ulto4b(0xffffffff, bl_ptr->max_unmap_blk_cnt);
9798			if (lun->be_lun->ublockexp != 0) {
9799				scsi_ulto4b((1 << lun->be_lun->ublockexp),
9800				    bl_ptr->opt_unmap_grain);
9801				scsi_ulto4b(0x80000000 | lun->be_lun->ublockoff,
9802				    bl_ptr->unmap_grain_align);
9803			}
9804		}
9805		scsi_ulto4b(lun->be_lun->atomicblock,
9806		    bl_ptr->max_atomic_transfer_length);
9807		scsi_ulto4b(0, bl_ptr->atomic_alignment);
9808		scsi_ulto4b(0, bl_ptr->atomic_transfer_length_granularity);
9809		scsi_ulto4b(0, bl_ptr->max_atomic_transfer_length_with_atomic_boundary);
9810		scsi_ulto4b(0, bl_ptr->max_atomic_boundary_size);
9811	}
9812	scsi_u64to8b(UINT64_MAX, bl_ptr->max_write_same_length);
9813
9814	ctl_set_success(ctsio);
9815	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9816	ctsio->be_move_done = ctl_config_move_done;
9817	ctl_datamove((union ctl_io *)ctsio);
9818	return (CTL_RETVAL_COMPLETE);
9819}
9820
9821static int
9822ctl_inquiry_evpd_bdc(struct ctl_scsiio *ctsio, int alloc_len)
9823{
9824	struct scsi_vpd_block_device_characteristics *bdc_ptr;
9825	struct ctl_lun *lun;
9826	const char *value;
9827	u_int i;
9828
9829	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9830
9831	ctsio->kern_data_ptr = malloc(sizeof(*bdc_ptr), M_CTL, M_WAITOK | M_ZERO);
9832	bdc_ptr = (struct scsi_vpd_block_device_characteristics *)ctsio->kern_data_ptr;
9833	ctsio->kern_sg_entries = 0;
9834
9835	if (sizeof(*bdc_ptr) < alloc_len) {
9836		ctsio->residual = alloc_len - sizeof(*bdc_ptr);
9837		ctsio->kern_data_len = sizeof(*bdc_ptr);
9838		ctsio->kern_total_len = sizeof(*bdc_ptr);
9839	} else {
9840		ctsio->residual = 0;
9841		ctsio->kern_data_len = alloc_len;
9842		ctsio->kern_total_len = alloc_len;
9843	}
9844	ctsio->kern_data_resid = 0;
9845	ctsio->kern_rel_offset = 0;
9846	ctsio->kern_sg_entries = 0;
9847
9848	/*
9849	 * The control device is always connected.  The disk device, on the
9850	 * other hand, may not be online all the time.  Need to change this
9851	 * to figure out whether the disk device is actually online or not.
9852	 */
9853	if (lun != NULL)
9854		bdc_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9855				  lun->be_lun->lun_type;
9856	else
9857		bdc_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9858	bdc_ptr->page_code = SVPD_BDC;
9859	scsi_ulto2b(sizeof(*bdc_ptr) - 4, bdc_ptr->page_length);
9860	if (lun != NULL &&
9861	    (value = ctl_get_opt(&lun->be_lun->options, "rpm")) != NULL)
9862		i = strtol(value, NULL, 0);
9863	else
9864		i = CTL_DEFAULT_ROTATION_RATE;
9865	scsi_ulto2b(i, bdc_ptr->medium_rotation_rate);
9866	if (lun != NULL &&
9867	    (value = ctl_get_opt(&lun->be_lun->options, "formfactor")) != NULL)
9868		i = strtol(value, NULL, 0);
9869	else
9870		i = 0;
9871	bdc_ptr->wab_wac_ff = (i & 0x0f);
9872	bdc_ptr->flags = SVPD_FUAB | SVPD_VBULS;
9873
9874	ctl_set_success(ctsio);
9875	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9876	ctsio->be_move_done = ctl_config_move_done;
9877	ctl_datamove((union ctl_io *)ctsio);
9878	return (CTL_RETVAL_COMPLETE);
9879}
9880
9881static int
9882ctl_inquiry_evpd_lbp(struct ctl_scsiio *ctsio, int alloc_len)
9883{
9884	struct scsi_vpd_logical_block_prov *lbp_ptr;
9885	struct ctl_lun *lun;
9886
9887	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9888
9889	ctsio->kern_data_ptr = malloc(sizeof(*lbp_ptr), M_CTL, M_WAITOK | M_ZERO);
9890	lbp_ptr = (struct scsi_vpd_logical_block_prov *)ctsio->kern_data_ptr;
9891	ctsio->kern_sg_entries = 0;
9892
9893	if (sizeof(*lbp_ptr) < alloc_len) {
9894		ctsio->residual = alloc_len - sizeof(*lbp_ptr);
9895		ctsio->kern_data_len = sizeof(*lbp_ptr);
9896		ctsio->kern_total_len = sizeof(*lbp_ptr);
9897	} else {
9898		ctsio->residual = 0;
9899		ctsio->kern_data_len = alloc_len;
9900		ctsio->kern_total_len = alloc_len;
9901	}
9902	ctsio->kern_data_resid = 0;
9903	ctsio->kern_rel_offset = 0;
9904	ctsio->kern_sg_entries = 0;
9905
9906	/*
9907	 * The control device is always connected.  The disk device, on the
9908	 * other hand, may not be online all the time.  Need to change this
9909	 * to figure out whether the disk device is actually online or not.
9910	 */
9911	if (lun != NULL)
9912		lbp_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9913				  lun->be_lun->lun_type;
9914	else
9915		lbp_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9916
9917	lbp_ptr->page_code = SVPD_LBP;
9918	scsi_ulto2b(sizeof(*lbp_ptr) - 4, lbp_ptr->page_length);
9919	lbp_ptr->threshold_exponent = CTL_LBP_EXPONENT;
9920	if (lun != NULL && lun->be_lun->flags & CTL_LUN_FLAG_UNMAP) {
9921		lbp_ptr->flags = SVPD_LBP_UNMAP | SVPD_LBP_WS16 |
9922		    SVPD_LBP_WS10 | SVPD_LBP_RZ | SVPD_LBP_ANC_SUP;
9923		lbp_ptr->prov_type = SVPD_LBP_THIN;
9924	}
9925
9926	ctl_set_success(ctsio);
9927	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9928	ctsio->be_move_done = ctl_config_move_done;
9929	ctl_datamove((union ctl_io *)ctsio);
9930	return (CTL_RETVAL_COMPLETE);
9931}
9932
9933/*
9934 * INQUIRY with the EVPD bit set.
9935 */
9936static int
9937ctl_inquiry_evpd(struct ctl_scsiio *ctsio)
9938{
9939	struct ctl_lun *lun;
9940	struct scsi_inquiry *cdb;
9941	int alloc_len, retval;
9942
9943	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9944	cdb = (struct scsi_inquiry *)ctsio->cdb;
9945	alloc_len = scsi_2btoul(cdb->length);
9946
9947	switch (cdb->page_code) {
9948	case SVPD_SUPPORTED_PAGES:
9949		retval = ctl_inquiry_evpd_supported(ctsio, alloc_len);
9950		break;
9951	case SVPD_UNIT_SERIAL_NUMBER:
9952		retval = ctl_inquiry_evpd_serial(ctsio, alloc_len);
9953		break;
9954	case SVPD_DEVICE_ID:
9955		retval = ctl_inquiry_evpd_devid(ctsio, alloc_len);
9956		break;
9957	case SVPD_EXTENDED_INQUIRY_DATA:
9958		retval = ctl_inquiry_evpd_eid(ctsio, alloc_len);
9959		break;
9960	case SVPD_MODE_PAGE_POLICY:
9961		retval = ctl_inquiry_evpd_mpp(ctsio, alloc_len);
9962		break;
9963	case SVPD_SCSI_PORTS:
9964		retval = ctl_inquiry_evpd_scsi_ports(ctsio, alloc_len);
9965		break;
9966	case SVPD_SCSI_TPC:
9967		retval = ctl_inquiry_evpd_tpc(ctsio, alloc_len);
9968		break;
9969	case SVPD_BLOCK_LIMITS:
9970		if (lun == NULL || lun->be_lun->lun_type != T_DIRECT)
9971			goto err;
9972		retval = ctl_inquiry_evpd_block_limits(ctsio, alloc_len);
9973		break;
9974	case SVPD_BDC:
9975		if (lun == NULL || lun->be_lun->lun_type != T_DIRECT)
9976			goto err;
9977		retval = ctl_inquiry_evpd_bdc(ctsio, alloc_len);
9978		break;
9979	case SVPD_LBP:
9980		if (lun == NULL || lun->be_lun->lun_type != T_DIRECT)
9981			goto err;
9982		retval = ctl_inquiry_evpd_lbp(ctsio, alloc_len);
9983		break;
9984	default:
9985err:
9986		ctl_set_invalid_field(ctsio,
9987				      /*sks_valid*/ 1,
9988				      /*command*/ 1,
9989				      /*field*/ 2,
9990				      /*bit_valid*/ 0,
9991				      /*bit*/ 0);
9992		ctl_done((union ctl_io *)ctsio);
9993		retval = CTL_RETVAL_COMPLETE;
9994		break;
9995	}
9996
9997	return (retval);
9998}
9999
10000/*
10001 * Standard INQUIRY data.
10002 */
10003static int
10004ctl_inquiry_std(struct ctl_scsiio *ctsio)
10005{
10006	struct scsi_inquiry_data *inq_ptr;
10007	struct scsi_inquiry *cdb;
10008	struct ctl_softc *softc = control_softc;
10009	struct ctl_port *port;
10010	struct ctl_lun *lun;
10011	char *val;
10012	uint32_t alloc_len, data_len;
10013	ctl_port_type port_type;
10014
10015	port = ctl_io_port(&ctsio->io_hdr);
10016	port_type = port->port_type;
10017	if (port_type == CTL_PORT_IOCTL || port_type == CTL_PORT_INTERNAL)
10018		port_type = CTL_PORT_SCSI;
10019
10020	lun = ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10021	cdb = (struct scsi_inquiry *)ctsio->cdb;
10022	alloc_len = scsi_2btoul(cdb->length);
10023
10024	/*
10025	 * We malloc the full inquiry data size here and fill it
10026	 * in.  If the user only asks for less, we'll give him
10027	 * that much.
10028	 */
10029	data_len = offsetof(struct scsi_inquiry_data, vendor_specific1);
10030	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
10031	inq_ptr = (struct scsi_inquiry_data *)ctsio->kern_data_ptr;
10032	ctsio->kern_sg_entries = 0;
10033	ctsio->kern_data_resid = 0;
10034	ctsio->kern_rel_offset = 0;
10035
10036	if (data_len < alloc_len) {
10037		ctsio->residual = alloc_len - data_len;
10038		ctsio->kern_data_len = data_len;
10039		ctsio->kern_total_len = data_len;
10040	} else {
10041		ctsio->residual = 0;
10042		ctsio->kern_data_len = alloc_len;
10043		ctsio->kern_total_len = alloc_len;
10044	}
10045
10046	if (lun != NULL) {
10047		if ((lun->flags & CTL_LUN_PRIMARY_SC) ||
10048		    softc->ha_link >= CTL_HA_LINK_UNKNOWN) {
10049			inq_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
10050			    lun->be_lun->lun_type;
10051		} else {
10052			inq_ptr->device = (SID_QUAL_LU_OFFLINE << 5) |
10053			    lun->be_lun->lun_type;
10054		}
10055	} else
10056		inq_ptr->device = (SID_QUAL_BAD_LU << 5) | T_NODEVICE;
10057
10058	/* RMB in byte 2 is 0 */
10059	inq_ptr->version = SCSI_REV_SPC4;
10060
10061	/*
10062	 * According to SAM-3, even if a device only supports a single
10063	 * level of LUN addressing, it should still set the HISUP bit:
10064	 *
10065	 * 4.9.1 Logical unit numbers overview
10066	 *
10067	 * All logical unit number formats described in this standard are
10068	 * hierarchical in structure even when only a single level in that
10069	 * hierarchy is used. The HISUP bit shall be set to one in the
10070	 * standard INQUIRY data (see SPC-2) when any logical unit number
10071	 * format described in this standard is used.  Non-hierarchical
10072	 * formats are outside the scope of this standard.
10073	 *
10074	 * Therefore we set the HiSup bit here.
10075	 *
10076	 * The reponse format is 2, per SPC-3.
10077	 */
10078	inq_ptr->response_format = SID_HiSup | 2;
10079
10080	inq_ptr->additional_length = data_len -
10081	    (offsetof(struct scsi_inquiry_data, additional_length) + 1);
10082	CTL_DEBUG_PRINT(("additional_length = %d\n",
10083			 inq_ptr->additional_length));
10084
10085	inq_ptr->spc3_flags = SPC3_SID_3PC | SPC3_SID_TPGS_IMPLICIT;
10086	if (port_type == CTL_PORT_SCSI)
10087		inq_ptr->spc2_flags = SPC2_SID_ADDR16;
10088	inq_ptr->spc2_flags |= SPC2_SID_MultiP;
10089	inq_ptr->flags = SID_CmdQue;
10090	if (port_type == CTL_PORT_SCSI)
10091		inq_ptr->flags |= SID_WBus16 | SID_Sync;
10092
10093	/*
10094	 * Per SPC-3, unused bytes in ASCII strings are filled with spaces.
10095	 * We have 8 bytes for the vendor name, and 16 bytes for the device
10096	 * name and 4 bytes for the revision.
10097	 */
10098	if (lun == NULL || (val = ctl_get_opt(&lun->be_lun->options,
10099	    "vendor")) == NULL) {
10100		strncpy(inq_ptr->vendor, CTL_VENDOR, sizeof(inq_ptr->vendor));
10101	} else {
10102		memset(inq_ptr->vendor, ' ', sizeof(inq_ptr->vendor));
10103		strncpy(inq_ptr->vendor, val,
10104		    min(sizeof(inq_ptr->vendor), strlen(val)));
10105	}
10106	if (lun == NULL) {
10107		strncpy(inq_ptr->product, CTL_DIRECT_PRODUCT,
10108		    sizeof(inq_ptr->product));
10109	} else if ((val = ctl_get_opt(&lun->be_lun->options, "product")) == NULL) {
10110		switch (lun->be_lun->lun_type) {
10111		case T_DIRECT:
10112			strncpy(inq_ptr->product, CTL_DIRECT_PRODUCT,
10113			    sizeof(inq_ptr->product));
10114			break;
10115		case T_PROCESSOR:
10116			strncpy(inq_ptr->product, CTL_PROCESSOR_PRODUCT,
10117			    sizeof(inq_ptr->product));
10118			break;
10119		default:
10120			strncpy(inq_ptr->product, CTL_UNKNOWN_PRODUCT,
10121			    sizeof(inq_ptr->product));
10122			break;
10123		}
10124	} else {
10125		memset(inq_ptr->product, ' ', sizeof(inq_ptr->product));
10126		strncpy(inq_ptr->product, val,
10127		    min(sizeof(inq_ptr->product), strlen(val)));
10128	}
10129
10130	/*
10131	 * XXX make this a macro somewhere so it automatically gets
10132	 * incremented when we make changes.
10133	 */
10134	if (lun == NULL || (val = ctl_get_opt(&lun->be_lun->options,
10135	    "revision")) == NULL) {
10136		strncpy(inq_ptr->revision, "0001", sizeof(inq_ptr->revision));
10137	} else {
10138		memset(inq_ptr->revision, ' ', sizeof(inq_ptr->revision));
10139		strncpy(inq_ptr->revision, val,
10140		    min(sizeof(inq_ptr->revision), strlen(val)));
10141	}
10142
10143	/*
10144	 * For parallel SCSI, we support double transition and single
10145	 * transition clocking.  We also support QAS (Quick Arbitration
10146	 * and Selection) and Information Unit transfers on both the
10147	 * control and array devices.
10148	 */
10149	if (port_type == CTL_PORT_SCSI)
10150		inq_ptr->spi3data = SID_SPI_CLOCK_DT_ST | SID_SPI_QAS |
10151				    SID_SPI_IUS;
10152
10153	/* SAM-5 (no version claimed) */
10154	scsi_ulto2b(0x00A0, inq_ptr->version1);
10155	/* SPC-4 (no version claimed) */
10156	scsi_ulto2b(0x0460, inq_ptr->version2);
10157	if (port_type == CTL_PORT_FC) {
10158		/* FCP-2 ANSI INCITS.350:2003 */
10159		scsi_ulto2b(0x0917, inq_ptr->version3);
10160	} else if (port_type == CTL_PORT_SCSI) {
10161		/* SPI-4 ANSI INCITS.362:200x */
10162		scsi_ulto2b(0x0B56, inq_ptr->version3);
10163	} else if (port_type == CTL_PORT_ISCSI) {
10164		/* iSCSI (no version claimed) */
10165		scsi_ulto2b(0x0960, inq_ptr->version3);
10166	} else if (port_type == CTL_PORT_SAS) {
10167		/* SAS (no version claimed) */
10168		scsi_ulto2b(0x0BE0, inq_ptr->version3);
10169	}
10170
10171	if (lun == NULL) {
10172		/* SBC-4 (no version claimed) */
10173		scsi_ulto2b(0x0600, inq_ptr->version4);
10174	} else {
10175		switch (lun->be_lun->lun_type) {
10176		case T_DIRECT:
10177			/* SBC-4 (no version claimed) */
10178			scsi_ulto2b(0x0600, inq_ptr->version4);
10179			break;
10180		case T_PROCESSOR:
10181		default:
10182			break;
10183		}
10184	}
10185
10186	ctl_set_success(ctsio);
10187	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10188	ctsio->be_move_done = ctl_config_move_done;
10189	ctl_datamove((union ctl_io *)ctsio);
10190	return (CTL_RETVAL_COMPLETE);
10191}
10192
10193int
10194ctl_inquiry(struct ctl_scsiio *ctsio)
10195{
10196	struct scsi_inquiry *cdb;
10197	int retval;
10198
10199	CTL_DEBUG_PRINT(("ctl_inquiry\n"));
10200
10201	cdb = (struct scsi_inquiry *)ctsio->cdb;
10202	if (cdb->byte2 & SI_EVPD)
10203		retval = ctl_inquiry_evpd(ctsio);
10204	else if (cdb->page_code == 0)
10205		retval = ctl_inquiry_std(ctsio);
10206	else {
10207		ctl_set_invalid_field(ctsio,
10208				      /*sks_valid*/ 1,
10209				      /*command*/ 1,
10210				      /*field*/ 2,
10211				      /*bit_valid*/ 0,
10212				      /*bit*/ 0);
10213		ctl_done((union ctl_io *)ctsio);
10214		return (CTL_RETVAL_COMPLETE);
10215	}
10216
10217	return (retval);
10218}
10219
10220/*
10221 * For known CDB types, parse the LBA and length.
10222 */
10223static int
10224ctl_get_lba_len(union ctl_io *io, uint64_t *lba, uint64_t *len)
10225{
10226	if (io->io_hdr.io_type != CTL_IO_SCSI)
10227		return (1);
10228
10229	switch (io->scsiio.cdb[0]) {
10230	case COMPARE_AND_WRITE: {
10231		struct scsi_compare_and_write *cdb;
10232
10233		cdb = (struct scsi_compare_and_write *)io->scsiio.cdb;
10234
10235		*lba = scsi_8btou64(cdb->addr);
10236		*len = cdb->length;
10237		break;
10238	}
10239	case READ_6:
10240	case WRITE_6: {
10241		struct scsi_rw_6 *cdb;
10242
10243		cdb = (struct scsi_rw_6 *)io->scsiio.cdb;
10244
10245		*lba = scsi_3btoul(cdb->addr);
10246		/* only 5 bits are valid in the most significant address byte */
10247		*lba &= 0x1fffff;
10248		*len = cdb->length;
10249		break;
10250	}
10251	case READ_10:
10252	case WRITE_10: {
10253		struct scsi_rw_10 *cdb;
10254
10255		cdb = (struct scsi_rw_10 *)io->scsiio.cdb;
10256
10257		*lba = scsi_4btoul(cdb->addr);
10258		*len = scsi_2btoul(cdb->length);
10259		break;
10260	}
10261	case WRITE_VERIFY_10: {
10262		struct scsi_write_verify_10 *cdb;
10263
10264		cdb = (struct scsi_write_verify_10 *)io->scsiio.cdb;
10265
10266		*lba = scsi_4btoul(cdb->addr);
10267		*len = scsi_2btoul(cdb->length);
10268		break;
10269	}
10270	case READ_12:
10271	case WRITE_12: {
10272		struct scsi_rw_12 *cdb;
10273
10274		cdb = (struct scsi_rw_12 *)io->scsiio.cdb;
10275
10276		*lba = scsi_4btoul(cdb->addr);
10277		*len = scsi_4btoul(cdb->length);
10278		break;
10279	}
10280	case WRITE_VERIFY_12: {
10281		struct scsi_write_verify_12 *cdb;
10282
10283		cdb = (struct scsi_write_verify_12 *)io->scsiio.cdb;
10284
10285		*lba = scsi_4btoul(cdb->addr);
10286		*len = scsi_4btoul(cdb->length);
10287		break;
10288	}
10289	case READ_16:
10290	case WRITE_16: {
10291		struct scsi_rw_16 *cdb;
10292
10293		cdb = (struct scsi_rw_16 *)io->scsiio.cdb;
10294
10295		*lba = scsi_8btou64(cdb->addr);
10296		*len = scsi_4btoul(cdb->length);
10297		break;
10298	}
10299	case WRITE_ATOMIC_16: {
10300		struct scsi_write_atomic_16 *cdb;
10301
10302		cdb = (struct scsi_write_atomic_16 *)io->scsiio.cdb;
10303
10304		*lba = scsi_8btou64(cdb->addr);
10305		*len = scsi_2btoul(cdb->length);
10306		break;
10307	}
10308	case WRITE_VERIFY_16: {
10309		struct scsi_write_verify_16 *cdb;
10310
10311		cdb = (struct scsi_write_verify_16 *)io->scsiio.cdb;
10312
10313		*lba = scsi_8btou64(cdb->addr);
10314		*len = scsi_4btoul(cdb->length);
10315		break;
10316	}
10317	case WRITE_SAME_10: {
10318		struct scsi_write_same_10 *cdb;
10319
10320		cdb = (struct scsi_write_same_10 *)io->scsiio.cdb;
10321
10322		*lba = scsi_4btoul(cdb->addr);
10323		*len = scsi_2btoul(cdb->length);
10324		break;
10325	}
10326	case WRITE_SAME_16: {
10327		struct scsi_write_same_16 *cdb;
10328
10329		cdb = (struct scsi_write_same_16 *)io->scsiio.cdb;
10330
10331		*lba = scsi_8btou64(cdb->addr);
10332		*len = scsi_4btoul(cdb->length);
10333		break;
10334	}
10335	case VERIFY_10: {
10336		struct scsi_verify_10 *cdb;
10337
10338		cdb = (struct scsi_verify_10 *)io->scsiio.cdb;
10339
10340		*lba = scsi_4btoul(cdb->addr);
10341		*len = scsi_2btoul(cdb->length);
10342		break;
10343	}
10344	case VERIFY_12: {
10345		struct scsi_verify_12 *cdb;
10346
10347		cdb = (struct scsi_verify_12 *)io->scsiio.cdb;
10348
10349		*lba = scsi_4btoul(cdb->addr);
10350		*len = scsi_4btoul(cdb->length);
10351		break;
10352	}
10353	case VERIFY_16: {
10354		struct scsi_verify_16 *cdb;
10355
10356		cdb = (struct scsi_verify_16 *)io->scsiio.cdb;
10357
10358		*lba = scsi_8btou64(cdb->addr);
10359		*len = scsi_4btoul(cdb->length);
10360		break;
10361	}
10362	case UNMAP: {
10363		*lba = 0;
10364		*len = UINT64_MAX;
10365		break;
10366	}
10367	case SERVICE_ACTION_IN: {	/* GET LBA STATUS */
10368		struct scsi_get_lba_status *cdb;
10369
10370		cdb = (struct scsi_get_lba_status *)io->scsiio.cdb;
10371		*lba = scsi_8btou64(cdb->addr);
10372		*len = UINT32_MAX;
10373		break;
10374	}
10375	default:
10376		return (1);
10377		break; /* NOTREACHED */
10378	}
10379
10380	return (0);
10381}
10382
10383static ctl_action
10384ctl_extent_check_lba(uint64_t lba1, uint64_t len1, uint64_t lba2, uint64_t len2,
10385    bool seq)
10386{
10387	uint64_t endlba1, endlba2;
10388
10389	endlba1 = lba1 + len1 - (seq ? 0 : 1);
10390	endlba2 = lba2 + len2 - 1;
10391
10392	if ((endlba1 < lba2) || (endlba2 < lba1))
10393		return (CTL_ACTION_PASS);
10394	else
10395		return (CTL_ACTION_BLOCK);
10396}
10397
10398static int
10399ctl_extent_check_unmap(union ctl_io *io, uint64_t lba2, uint64_t len2)
10400{
10401	struct ctl_ptr_len_flags *ptrlen;
10402	struct scsi_unmap_desc *buf, *end, *range;
10403	uint64_t lba;
10404	uint32_t len;
10405
10406	/* If not UNMAP -- go other way. */
10407	if (io->io_hdr.io_type != CTL_IO_SCSI ||
10408	    io->scsiio.cdb[0] != UNMAP)
10409		return (CTL_ACTION_ERROR);
10410
10411	/* If UNMAP without data -- block and wait for data. */
10412	ptrlen = (struct ctl_ptr_len_flags *)
10413	    &io->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
10414	if ((io->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0 ||
10415	    ptrlen->ptr == NULL)
10416		return (CTL_ACTION_BLOCK);
10417
10418	/* UNMAP with data -- check for collision. */
10419	buf = (struct scsi_unmap_desc *)ptrlen->ptr;
10420	end = buf + ptrlen->len / sizeof(*buf);
10421	for (range = buf; range < end; range++) {
10422		lba = scsi_8btou64(range->lba);
10423		len = scsi_4btoul(range->length);
10424		if ((lba < lba2 + len2) && (lba + len > lba2))
10425			return (CTL_ACTION_BLOCK);
10426	}
10427	return (CTL_ACTION_PASS);
10428}
10429
10430static ctl_action
10431ctl_extent_check(union ctl_io *io1, union ctl_io *io2, bool seq)
10432{
10433	uint64_t lba1, lba2;
10434	uint64_t len1, len2;
10435	int retval;
10436
10437	if (ctl_get_lba_len(io2, &lba2, &len2) != 0)
10438		return (CTL_ACTION_ERROR);
10439
10440	retval = ctl_extent_check_unmap(io1, lba2, len2);
10441	if (retval != CTL_ACTION_ERROR)
10442		return (retval);
10443
10444	if (ctl_get_lba_len(io1, &lba1, &len1) != 0)
10445		return (CTL_ACTION_ERROR);
10446
10447	if (io1->io_hdr.flags & CTL_FLAG_SERSEQ_DONE)
10448		seq = FALSE;
10449	return (ctl_extent_check_lba(lba1, len1, lba2, len2, seq));
10450}
10451
10452static ctl_action
10453ctl_extent_check_seq(union ctl_io *io1, union ctl_io *io2)
10454{
10455	uint64_t lba1, lba2;
10456	uint64_t len1, len2;
10457
10458	if (io1->io_hdr.flags & CTL_FLAG_SERSEQ_DONE)
10459		return (CTL_ACTION_PASS);
10460	if (ctl_get_lba_len(io1, &lba1, &len1) != 0)
10461		return (CTL_ACTION_ERROR);
10462	if (ctl_get_lba_len(io2, &lba2, &len2) != 0)
10463		return (CTL_ACTION_ERROR);
10464
10465	if (lba1 + len1 == lba2)
10466		return (CTL_ACTION_BLOCK);
10467	return (CTL_ACTION_PASS);
10468}
10469
10470static ctl_action
10471ctl_check_for_blockage(struct ctl_lun *lun, union ctl_io *pending_io,
10472    union ctl_io *ooa_io)
10473{
10474	const struct ctl_cmd_entry *pending_entry, *ooa_entry;
10475	const ctl_serialize_action *serialize_row;
10476
10477	/*
10478	 * The initiator attempted multiple untagged commands at the same
10479	 * time.  Can't do that.
10480	 */
10481	if ((pending_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10482	 && (ooa_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10483	 && ((pending_io->io_hdr.nexus.targ_port ==
10484	      ooa_io->io_hdr.nexus.targ_port)
10485	  && (pending_io->io_hdr.nexus.initid ==
10486	      ooa_io->io_hdr.nexus.initid))
10487	 && ((ooa_io->io_hdr.flags & (CTL_FLAG_ABORT |
10488	      CTL_FLAG_STATUS_SENT)) == 0))
10489		return (CTL_ACTION_OVERLAP);
10490
10491	/*
10492	 * The initiator attempted to send multiple tagged commands with
10493	 * the same ID.  (It's fine if different initiators have the same
10494	 * tag ID.)
10495	 *
10496	 * Even if all of those conditions are true, we don't kill the I/O
10497	 * if the command ahead of us has been aborted.  We won't end up
10498	 * sending it to the FETD, and it's perfectly legal to resend a
10499	 * command with the same tag number as long as the previous
10500	 * instance of this tag number has been aborted somehow.
10501	 */
10502	if ((pending_io->scsiio.tag_type != CTL_TAG_UNTAGGED)
10503	 && (ooa_io->scsiio.tag_type != CTL_TAG_UNTAGGED)
10504	 && (pending_io->scsiio.tag_num == ooa_io->scsiio.tag_num)
10505	 && ((pending_io->io_hdr.nexus.targ_port ==
10506	      ooa_io->io_hdr.nexus.targ_port)
10507	  && (pending_io->io_hdr.nexus.initid ==
10508	      ooa_io->io_hdr.nexus.initid))
10509	 && ((ooa_io->io_hdr.flags & (CTL_FLAG_ABORT |
10510	      CTL_FLAG_STATUS_SENT)) == 0))
10511		return (CTL_ACTION_OVERLAP_TAG);
10512
10513	/*
10514	 * If we get a head of queue tag, SAM-3 says that we should
10515	 * immediately execute it.
10516	 *
10517	 * What happens if this command would normally block for some other
10518	 * reason?  e.g. a request sense with a head of queue tag
10519	 * immediately after a write.  Normally that would block, but this
10520	 * will result in its getting executed immediately...
10521	 *
10522	 * We currently return "pass" instead of "skip", so we'll end up
10523	 * going through the rest of the queue to check for overlapped tags.
10524	 *
10525	 * XXX KDM check for other types of blockage first??
10526	 */
10527	if (pending_io->scsiio.tag_type == CTL_TAG_HEAD_OF_QUEUE)
10528		return (CTL_ACTION_PASS);
10529
10530	/*
10531	 * Ordered tags have to block until all items ahead of them
10532	 * have completed.  If we get called with an ordered tag, we always
10533	 * block, if something else is ahead of us in the queue.
10534	 */
10535	if (pending_io->scsiio.tag_type == CTL_TAG_ORDERED)
10536		return (CTL_ACTION_BLOCK);
10537
10538	/*
10539	 * Simple tags get blocked until all head of queue and ordered tags
10540	 * ahead of them have completed.  I'm lumping untagged commands in
10541	 * with simple tags here.  XXX KDM is that the right thing to do?
10542	 */
10543	if (((pending_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10544	  || (pending_io->scsiio.tag_type == CTL_TAG_SIMPLE))
10545	 && ((ooa_io->scsiio.tag_type == CTL_TAG_HEAD_OF_QUEUE)
10546	  || (ooa_io->scsiio.tag_type == CTL_TAG_ORDERED)))
10547		return (CTL_ACTION_BLOCK);
10548
10549	pending_entry = ctl_get_cmd_entry(&pending_io->scsiio, NULL);
10550	ooa_entry = ctl_get_cmd_entry(&ooa_io->scsiio, NULL);
10551
10552	serialize_row = ctl_serialize_table[ooa_entry->seridx];
10553
10554	switch (serialize_row[pending_entry->seridx]) {
10555	case CTL_SER_BLOCK:
10556		return (CTL_ACTION_BLOCK);
10557	case CTL_SER_EXTENT:
10558		return (ctl_extent_check(ooa_io, pending_io,
10559		    (lun->be_lun && lun->be_lun->serseq == CTL_LUN_SERSEQ_ON)));
10560	case CTL_SER_EXTENTOPT:
10561		if ((lun->mode_pages.control_page[CTL_PAGE_CURRENT].queue_flags
10562		    & SCP_QUEUE_ALG_MASK) != SCP_QUEUE_ALG_UNRESTRICTED)
10563			return (ctl_extent_check(ooa_io, pending_io,
10564			    (lun->be_lun &&
10565			     lun->be_lun->serseq == CTL_LUN_SERSEQ_ON)));
10566		return (CTL_ACTION_PASS);
10567	case CTL_SER_EXTENTSEQ:
10568		if (lun->be_lun && lun->be_lun->serseq != CTL_LUN_SERSEQ_OFF)
10569			return (ctl_extent_check_seq(ooa_io, pending_io));
10570		return (CTL_ACTION_PASS);
10571	case CTL_SER_PASS:
10572		return (CTL_ACTION_PASS);
10573	case CTL_SER_BLOCKOPT:
10574		if ((lun->mode_pages.control_page[CTL_PAGE_CURRENT].queue_flags
10575		    & SCP_QUEUE_ALG_MASK) != SCP_QUEUE_ALG_UNRESTRICTED)
10576			return (CTL_ACTION_BLOCK);
10577		return (CTL_ACTION_PASS);
10578	case CTL_SER_SKIP:
10579		return (CTL_ACTION_SKIP);
10580	default:
10581		panic("invalid serialization value %d",
10582		      serialize_row[pending_entry->seridx]);
10583	}
10584
10585	return (CTL_ACTION_ERROR);
10586}
10587
10588/*
10589 * Check for blockage or overlaps against the OOA (Order Of Arrival) queue.
10590 * Assumptions:
10591 * - pending_io is generally either incoming, or on the blocked queue
10592 * - starting I/O is the I/O we want to start the check with.
10593 */
10594static ctl_action
10595ctl_check_ooa(struct ctl_lun *lun, union ctl_io *pending_io,
10596	      union ctl_io *starting_io)
10597{
10598	union ctl_io *ooa_io;
10599	ctl_action action;
10600
10601	mtx_assert(&lun->lun_lock, MA_OWNED);
10602
10603	/*
10604	 * Run back along the OOA queue, starting with the current
10605	 * blocked I/O and going through every I/O before it on the
10606	 * queue.  If starting_io is NULL, we'll just end up returning
10607	 * CTL_ACTION_PASS.
10608	 */
10609	for (ooa_io = starting_io; ooa_io != NULL;
10610	     ooa_io = (union ctl_io *)TAILQ_PREV(&ooa_io->io_hdr, ctl_ooaq,
10611	     ooa_links)){
10612
10613		/*
10614		 * This routine just checks to see whether
10615		 * cur_blocked is blocked by ooa_io, which is ahead
10616		 * of it in the queue.  It doesn't queue/dequeue
10617		 * cur_blocked.
10618		 */
10619		action = ctl_check_for_blockage(lun, pending_io, ooa_io);
10620		switch (action) {
10621		case CTL_ACTION_BLOCK:
10622		case CTL_ACTION_OVERLAP:
10623		case CTL_ACTION_OVERLAP_TAG:
10624		case CTL_ACTION_SKIP:
10625		case CTL_ACTION_ERROR:
10626			return (action);
10627			break; /* NOTREACHED */
10628		case CTL_ACTION_PASS:
10629			break;
10630		default:
10631			panic("invalid action %d", action);
10632			break;  /* NOTREACHED */
10633		}
10634	}
10635
10636	return (CTL_ACTION_PASS);
10637}
10638
10639/*
10640 * Assumptions:
10641 * - An I/O has just completed, and has been removed from the per-LUN OOA
10642 *   queue, so some items on the blocked queue may now be unblocked.
10643 */
10644static int
10645ctl_check_blocked(struct ctl_lun *lun)
10646{
10647	struct ctl_softc *softc = lun->ctl_softc;
10648	union ctl_io *cur_blocked, *next_blocked;
10649
10650	mtx_assert(&lun->lun_lock, MA_OWNED);
10651
10652	/*
10653	 * Run forward from the head of the blocked queue, checking each
10654	 * entry against the I/Os prior to it on the OOA queue to see if
10655	 * there is still any blockage.
10656	 *
10657	 * We cannot use the TAILQ_FOREACH() macro, because it can't deal
10658	 * with our removing a variable on it while it is traversing the
10659	 * list.
10660	 */
10661	for (cur_blocked = (union ctl_io *)TAILQ_FIRST(&lun->blocked_queue);
10662	     cur_blocked != NULL; cur_blocked = next_blocked) {
10663		union ctl_io *prev_ooa;
10664		ctl_action action;
10665
10666		next_blocked = (union ctl_io *)TAILQ_NEXT(&cur_blocked->io_hdr,
10667							  blocked_links);
10668
10669		prev_ooa = (union ctl_io *)TAILQ_PREV(&cur_blocked->io_hdr,
10670						      ctl_ooaq, ooa_links);
10671
10672		/*
10673		 * If cur_blocked happens to be the first item in the OOA
10674		 * queue now, prev_ooa will be NULL, and the action
10675		 * returned will just be CTL_ACTION_PASS.
10676		 */
10677		action = ctl_check_ooa(lun, cur_blocked, prev_ooa);
10678
10679		switch (action) {
10680		case CTL_ACTION_BLOCK:
10681			/* Nothing to do here, still blocked */
10682			break;
10683		case CTL_ACTION_OVERLAP:
10684		case CTL_ACTION_OVERLAP_TAG:
10685			/*
10686			 * This shouldn't happen!  In theory we've already
10687			 * checked this command for overlap...
10688			 */
10689			break;
10690		case CTL_ACTION_PASS:
10691		case CTL_ACTION_SKIP: {
10692			const struct ctl_cmd_entry *entry;
10693
10694			/*
10695			 * The skip case shouldn't happen, this transaction
10696			 * should have never made it onto the blocked queue.
10697			 */
10698			/*
10699			 * This I/O is no longer blocked, we can remove it
10700			 * from the blocked queue.  Since this is a TAILQ
10701			 * (doubly linked list), we can do O(1) removals
10702			 * from any place on the list.
10703			 */
10704			TAILQ_REMOVE(&lun->blocked_queue, &cur_blocked->io_hdr,
10705				     blocked_links);
10706			cur_blocked->io_hdr.flags &= ~CTL_FLAG_BLOCKED;
10707
10708			if ((softc->ha_mode != CTL_HA_MODE_XFER) &&
10709			    (cur_blocked->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)){
10710				/*
10711				 * Need to send IO back to original side to
10712				 * run
10713				 */
10714				union ctl_ha_msg msg_info;
10715
10716				cur_blocked->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
10717				msg_info.hdr.original_sc =
10718					cur_blocked->io_hdr.original_sc;
10719				msg_info.hdr.serializing_sc = cur_blocked;
10720				msg_info.hdr.msg_type = CTL_MSG_R2R;
10721				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
10722				    sizeof(msg_info.hdr), M_NOWAIT);
10723				break;
10724			}
10725			entry = ctl_get_cmd_entry(&cur_blocked->scsiio, NULL);
10726
10727			/*
10728			 * Check this I/O for LUN state changes that may
10729			 * have happened while this command was blocked.
10730			 * The LUN state may have been changed by a command
10731			 * ahead of us in the queue, so we need to re-check
10732			 * for any states that can be caused by SCSI
10733			 * commands.
10734			 */
10735			if (ctl_scsiio_lun_check(lun, entry,
10736						 &cur_blocked->scsiio) == 0) {
10737				cur_blocked->io_hdr.flags |=
10738				                      CTL_FLAG_IS_WAS_ON_RTR;
10739				ctl_enqueue_rtr(cur_blocked);
10740			} else
10741				ctl_done(cur_blocked);
10742			break;
10743		}
10744		default:
10745			/*
10746			 * This probably shouldn't happen -- we shouldn't
10747			 * get CTL_ACTION_ERROR, or anything else.
10748			 */
10749			break;
10750		}
10751	}
10752
10753	return (CTL_RETVAL_COMPLETE);
10754}
10755
10756/*
10757 * This routine (with one exception) checks LUN flags that can be set by
10758 * commands ahead of us in the OOA queue.  These flags have to be checked
10759 * when a command initially comes in, and when we pull a command off the
10760 * blocked queue and are preparing to execute it.  The reason we have to
10761 * check these flags for commands on the blocked queue is that the LUN
10762 * state may have been changed by a command ahead of us while we're on the
10763 * blocked queue.
10764 *
10765 * Ordering is somewhat important with these checks, so please pay
10766 * careful attention to the placement of any new checks.
10767 */
10768static int
10769ctl_scsiio_lun_check(struct ctl_lun *lun,
10770    const struct ctl_cmd_entry *entry, struct ctl_scsiio *ctsio)
10771{
10772	struct ctl_softc *softc = lun->ctl_softc;
10773	int retval;
10774	uint32_t residx;
10775
10776	retval = 0;
10777
10778	mtx_assert(&lun->lun_lock, MA_OWNED);
10779
10780	/*
10781	 * If this shelf is a secondary shelf controller, we may have to
10782	 * reject some commands disallowed by HA mode and link state.
10783	 */
10784	if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0) {
10785		if (softc->ha_link == CTL_HA_LINK_OFFLINE &&
10786		    (entry->flags & CTL_CMD_FLAG_OK_ON_UNAVAIL) == 0) {
10787			ctl_set_lun_unavail(ctsio);
10788			retval = 1;
10789			goto bailout;
10790		}
10791		if ((lun->flags & CTL_LUN_PEER_SC_PRIMARY) == 0 &&
10792		    (entry->flags & CTL_CMD_FLAG_OK_ON_UNAVAIL) == 0) {
10793			ctl_set_lun_transit(ctsio);
10794			retval = 1;
10795			goto bailout;
10796		}
10797		if (softc->ha_mode == CTL_HA_MODE_ACT_STBY &&
10798		    (entry->flags & CTL_CMD_FLAG_OK_ON_STANDBY) == 0) {
10799			ctl_set_lun_standby(ctsio);
10800			retval = 1;
10801			goto bailout;
10802		}
10803
10804		/* The rest of checks are only done on executing side */
10805		if (softc->ha_mode == CTL_HA_MODE_XFER)
10806			goto bailout;
10807	}
10808
10809	if (entry->pattern & CTL_LUN_PAT_WRITE) {
10810		if (lun->be_lun &&
10811		    lun->be_lun->flags & CTL_LUN_FLAG_READONLY) {
10812			ctl_set_hw_write_protected(ctsio);
10813			retval = 1;
10814			goto bailout;
10815		}
10816		if ((lun->mode_pages.control_page[CTL_PAGE_CURRENT]
10817		    .eca_and_aen & SCP_SWP) != 0) {
10818			ctl_set_sense(ctsio, /*current_error*/ 1,
10819			    /*sense_key*/ SSD_KEY_DATA_PROTECT,
10820			    /*asc*/ 0x27, /*ascq*/ 0x02, SSD_ELEM_NONE);
10821			retval = 1;
10822			goto bailout;
10823		}
10824	}
10825
10826	/*
10827	 * Check for a reservation conflict.  If this command isn't allowed
10828	 * even on reserved LUNs, and if this initiator isn't the one who
10829	 * reserved us, reject the command with a reservation conflict.
10830	 */
10831	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
10832	if ((lun->flags & CTL_LUN_RESERVED)
10833	 && ((entry->flags & CTL_CMD_FLAG_ALLOW_ON_RESV) == 0)) {
10834		if (lun->res_idx != residx) {
10835			ctl_set_reservation_conflict(ctsio);
10836			retval = 1;
10837			goto bailout;
10838		}
10839	}
10840
10841	if ((lun->flags & CTL_LUN_PR_RESERVED) == 0 ||
10842	    (entry->flags & CTL_CMD_FLAG_ALLOW_ON_PR_RESV)) {
10843		/* No reservation or command is allowed. */;
10844	} else if ((entry->flags & CTL_CMD_FLAG_ALLOW_ON_PR_WRESV) &&
10845	    (lun->res_type == SPR_TYPE_WR_EX ||
10846	     lun->res_type == SPR_TYPE_WR_EX_RO ||
10847	     lun->res_type == SPR_TYPE_WR_EX_AR)) {
10848		/* The command is allowed for Write Exclusive resv. */;
10849	} else {
10850		/*
10851		 * if we aren't registered or it's a res holder type
10852		 * reservation and this isn't the res holder then set a
10853		 * conflict.
10854		 */
10855		if (ctl_get_prkey(lun, residx) == 0
10856		 || (residx != lun->pr_res_idx && lun->res_type < 4)) {
10857			ctl_set_reservation_conflict(ctsio);
10858			retval = 1;
10859			goto bailout;
10860		}
10861	}
10862
10863	if ((lun->flags & CTL_LUN_OFFLINE)
10864	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_STANDBY) == 0)) {
10865		ctl_set_lun_not_ready(ctsio);
10866		retval = 1;
10867		goto bailout;
10868	}
10869
10870	if ((lun->flags & CTL_LUN_STOPPED)
10871	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_STOPPED) == 0)) {
10872		/* "Logical unit not ready, initializing cmd. required" */
10873		ctl_set_lun_stopped(ctsio);
10874		retval = 1;
10875		goto bailout;
10876	}
10877
10878	if ((lun->flags & CTL_LUN_INOPERABLE)
10879	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_INOPERABLE) == 0)) {
10880		/* "Medium format corrupted" */
10881		ctl_set_medium_format_corrupted(ctsio);
10882		retval = 1;
10883		goto bailout;
10884	}
10885
10886bailout:
10887	return (retval);
10888}
10889
10890static void
10891ctl_failover_io(union ctl_io *io, int have_lock)
10892{
10893	ctl_set_busy(&io->scsiio);
10894	ctl_done(io);
10895}
10896
10897static void
10898ctl_failover_lun(union ctl_io *rio)
10899{
10900	struct ctl_softc *softc = control_softc;
10901	struct ctl_lun *lun;
10902	struct ctl_io_hdr *io, *next_io;
10903	uint32_t targ_lun;
10904
10905	targ_lun = rio->io_hdr.nexus.targ_mapped_lun;
10906	CTL_DEBUG_PRINT(("FAILOVER for lun %ju\n", targ_lun));
10907
10908	/* Find and lock the LUN. */
10909	mtx_lock(&softc->ctl_lock);
10910	if ((targ_lun < CTL_MAX_LUNS) &&
10911	    ((lun = softc->ctl_luns[targ_lun]) != NULL)) {
10912		mtx_lock(&lun->lun_lock);
10913		mtx_unlock(&softc->ctl_lock);
10914		if (lun->flags & CTL_LUN_DISABLED) {
10915			mtx_unlock(&lun->lun_lock);
10916			return;
10917		}
10918	} else {
10919		mtx_unlock(&softc->ctl_lock);
10920		return;
10921	}
10922
10923	if (softc->ha_mode == CTL_HA_MODE_XFER) {
10924		TAILQ_FOREACH_SAFE(io, &lun->ooa_queue, ooa_links, next_io) {
10925			/* We are master */
10926			if (io->flags & CTL_FLAG_FROM_OTHER_SC) {
10927				if (io->flags & CTL_FLAG_IO_ACTIVE) {
10928					io->flags |= CTL_FLAG_ABORT;
10929					io->flags |= CTL_FLAG_FAILOVER;
10930				} else { /* This can be only due to DATAMOVE */
10931					io->msg_type = CTL_MSG_DATAMOVE_DONE;
10932					io->flags &= ~CTL_FLAG_DMA_INPROG;
10933					io->flags |= CTL_FLAG_IO_ACTIVE;
10934					io->port_status = 31340;
10935					ctl_enqueue_isc((union ctl_io *)io);
10936				}
10937			}
10938			/* We are slave */
10939			if (io->flags & CTL_FLAG_SENT_2OTHER_SC) {
10940				io->flags &= ~CTL_FLAG_SENT_2OTHER_SC;
10941				if (io->flags & CTL_FLAG_IO_ACTIVE) {
10942					io->flags |= CTL_FLAG_FAILOVER;
10943				} else {
10944					ctl_set_busy(&((union ctl_io *)io)->
10945					    scsiio);
10946					ctl_done((union ctl_io *)io);
10947				}
10948			}
10949		}
10950	} else { /* SERIALIZE modes */
10951		TAILQ_FOREACH_SAFE(io, &lun->blocked_queue, blocked_links,
10952		    next_io) {
10953			/* We are master */
10954			if (io->flags & CTL_FLAG_FROM_OTHER_SC) {
10955				TAILQ_REMOVE(&lun->blocked_queue, io,
10956				    blocked_links);
10957				io->flags &= ~CTL_FLAG_BLOCKED;
10958				TAILQ_REMOVE(&lun->ooa_queue, io, ooa_links);
10959				ctl_free_io((union ctl_io *)io);
10960			}
10961		}
10962		TAILQ_FOREACH_SAFE(io, &lun->ooa_queue, ooa_links, next_io) {
10963			/* We are master */
10964			if (io->flags & CTL_FLAG_FROM_OTHER_SC) {
10965				TAILQ_REMOVE(&lun->ooa_queue, io, ooa_links);
10966				ctl_free_io((union ctl_io *)io);
10967			}
10968			/* We are slave */
10969			if (io->flags & CTL_FLAG_SENT_2OTHER_SC) {
10970				io->flags &= ~CTL_FLAG_SENT_2OTHER_SC;
10971				if (!(io->flags & CTL_FLAG_IO_ACTIVE)) {
10972					ctl_set_busy(&((union ctl_io *)io)->
10973					    scsiio);
10974					ctl_done((union ctl_io *)io);
10975				}
10976			}
10977		}
10978		ctl_check_blocked(lun);
10979	}
10980	mtx_unlock(&lun->lun_lock);
10981}
10982
10983static int
10984ctl_scsiio_precheck(struct ctl_softc *softc, struct ctl_scsiio *ctsio)
10985{
10986	struct ctl_lun *lun;
10987	const struct ctl_cmd_entry *entry;
10988	uint32_t initidx, targ_lun;
10989	int retval;
10990
10991	retval = 0;
10992
10993	lun = NULL;
10994
10995	targ_lun = ctsio->io_hdr.nexus.targ_mapped_lun;
10996	if ((targ_lun < CTL_MAX_LUNS)
10997	 && ((lun = softc->ctl_luns[targ_lun]) != NULL)) {
10998		/*
10999		 * If the LUN is invalid, pretend that it doesn't exist.
11000		 * It will go away as soon as all pending I/O has been
11001		 * completed.
11002		 */
11003		mtx_lock(&lun->lun_lock);
11004		if (lun->flags & CTL_LUN_DISABLED) {
11005			mtx_unlock(&lun->lun_lock);
11006			lun = NULL;
11007			ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = NULL;
11008			ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr = NULL;
11009		} else {
11010			ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = lun;
11011			ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr =
11012				lun->be_lun;
11013
11014			/*
11015			 * Every I/O goes into the OOA queue for a
11016			 * particular LUN, and stays there until completion.
11017			 */
11018#ifdef CTL_TIME_IO
11019			if (TAILQ_EMPTY(&lun->ooa_queue)) {
11020				lun->idle_time += getsbinuptime() -
11021				    lun->last_busy;
11022			}
11023#endif
11024			TAILQ_INSERT_TAIL(&lun->ooa_queue, &ctsio->io_hdr,
11025			    ooa_links);
11026		}
11027	} else {
11028		ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = NULL;
11029		ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr = NULL;
11030	}
11031
11032	/* Get command entry and return error if it is unsuppotyed. */
11033	entry = ctl_validate_command(ctsio);
11034	if (entry == NULL) {
11035		if (lun)
11036			mtx_unlock(&lun->lun_lock);
11037		return (retval);
11038	}
11039
11040	ctsio->io_hdr.flags &= ~CTL_FLAG_DATA_MASK;
11041	ctsio->io_hdr.flags |= entry->flags & CTL_FLAG_DATA_MASK;
11042
11043	/*
11044	 * Check to see whether we can send this command to LUNs that don't
11045	 * exist.  This should pretty much only be the case for inquiry
11046	 * and request sense.  Further checks, below, really require having
11047	 * a LUN, so we can't really check the command anymore.  Just put
11048	 * it on the rtr queue.
11049	 */
11050	if (lun == NULL) {
11051		if (entry->flags & CTL_CMD_FLAG_OK_ON_NO_LUN) {
11052			ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
11053			ctl_enqueue_rtr((union ctl_io *)ctsio);
11054			return (retval);
11055		}
11056
11057		ctl_set_unsupported_lun(ctsio);
11058		ctl_done((union ctl_io *)ctsio);
11059		CTL_DEBUG_PRINT(("ctl_scsiio_precheck: bailing out due to invalid LUN\n"));
11060		return (retval);
11061	} else {
11062		/*
11063		 * Make sure we support this particular command on this LUN.
11064		 * e.g., we don't support writes to the control LUN.
11065		 */
11066		if (!ctl_cmd_applicable(lun->be_lun->lun_type, entry)) {
11067			mtx_unlock(&lun->lun_lock);
11068			ctl_set_invalid_opcode(ctsio);
11069			ctl_done((union ctl_io *)ctsio);
11070			return (retval);
11071		}
11072	}
11073
11074	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
11075
11076#ifdef CTL_WITH_CA
11077	/*
11078	 * If we've got a request sense, it'll clear the contingent
11079	 * allegiance condition.  Otherwise, if we have a CA condition for
11080	 * this initiator, clear it, because it sent down a command other
11081	 * than request sense.
11082	 */
11083	if ((ctsio->cdb[0] != REQUEST_SENSE)
11084	 && (ctl_is_set(lun->have_ca, initidx)))
11085		ctl_clear_mask(lun->have_ca, initidx);
11086#endif
11087
11088	/*
11089	 * If the command has this flag set, it handles its own unit
11090	 * attention reporting, we shouldn't do anything.  Otherwise we
11091	 * check for any pending unit attentions, and send them back to the
11092	 * initiator.  We only do this when a command initially comes in,
11093	 * not when we pull it off the blocked queue.
11094	 *
11095	 * According to SAM-3, section 5.3.2, the order that things get
11096	 * presented back to the host is basically unit attentions caused
11097	 * by some sort of reset event, busy status, reservation conflicts
11098	 * or task set full, and finally any other status.
11099	 *
11100	 * One issue here is that some of the unit attentions we report
11101	 * don't fall into the "reset" category (e.g. "reported luns data
11102	 * has changed").  So reporting it here, before the reservation
11103	 * check, may be technically wrong.  I guess the only thing to do
11104	 * would be to check for and report the reset events here, and then
11105	 * check for the other unit attention types after we check for a
11106	 * reservation conflict.
11107	 *
11108	 * XXX KDM need to fix this
11109	 */
11110	if ((entry->flags & CTL_CMD_FLAG_NO_SENSE) == 0) {
11111		ctl_ua_type ua_type;
11112
11113		ua_type = ctl_build_ua(lun, initidx, &ctsio->sense_data,
11114		    SSD_TYPE_NONE);
11115		if (ua_type != CTL_UA_NONE) {
11116			mtx_unlock(&lun->lun_lock);
11117			ctsio->scsi_status = SCSI_STATUS_CHECK_COND;
11118			ctsio->io_hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
11119			ctsio->sense_len = SSD_FULL_SIZE;
11120			ctl_done((union ctl_io *)ctsio);
11121			return (retval);
11122		}
11123	}
11124
11125
11126	if (ctl_scsiio_lun_check(lun, entry, ctsio) != 0) {
11127		mtx_unlock(&lun->lun_lock);
11128		ctl_done((union ctl_io *)ctsio);
11129		return (retval);
11130	}
11131
11132	/*
11133	 * XXX CHD this is where we want to send IO to other side if
11134	 * this LUN is secondary on this SC. We will need to make a copy
11135	 * of the IO and flag the IO on this side as SENT_2OTHER and the flag
11136	 * the copy we send as FROM_OTHER.
11137	 * We also need to stuff the address of the original IO so we can
11138	 * find it easily. Something similar will need be done on the other
11139	 * side so when we are done we can find the copy.
11140	 */
11141	if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0 &&
11142	    (lun->flags & CTL_LUN_PEER_SC_PRIMARY) != 0 &&
11143	    (entry->flags & CTL_CMD_FLAG_RUN_HERE) == 0) {
11144		union ctl_ha_msg msg_info;
11145		int isc_retval;
11146
11147		ctsio->io_hdr.flags |= CTL_FLAG_SENT_2OTHER_SC;
11148		ctsio->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
11149		mtx_unlock(&lun->lun_lock);
11150
11151		msg_info.hdr.msg_type = CTL_MSG_SERIALIZE;
11152		msg_info.hdr.original_sc = (union ctl_io *)ctsio;
11153		msg_info.hdr.serializing_sc = NULL;
11154		msg_info.hdr.nexus = ctsio->io_hdr.nexus;
11155		msg_info.scsi.tag_num = ctsio->tag_num;
11156		msg_info.scsi.tag_type = ctsio->tag_type;
11157		msg_info.scsi.cdb_len = ctsio->cdb_len;
11158		memcpy(msg_info.scsi.cdb, ctsio->cdb, CTL_MAX_CDBLEN);
11159
11160		if ((isc_retval = ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11161		    sizeof(msg_info.scsi) - sizeof(msg_info.scsi.sense_data),
11162		    M_WAITOK)) > CTL_HA_STATUS_SUCCESS) {
11163			ctl_set_busy(ctsio);
11164			ctl_done((union ctl_io *)ctsio);
11165			return (retval);
11166		}
11167		return (retval);
11168	}
11169
11170	switch (ctl_check_ooa(lun, (union ctl_io *)ctsio,
11171			      (union ctl_io *)TAILQ_PREV(&ctsio->io_hdr,
11172			      ctl_ooaq, ooa_links))) {
11173	case CTL_ACTION_BLOCK:
11174		ctsio->io_hdr.flags |= CTL_FLAG_BLOCKED;
11175		TAILQ_INSERT_TAIL(&lun->blocked_queue, &ctsio->io_hdr,
11176				  blocked_links);
11177		mtx_unlock(&lun->lun_lock);
11178		return (retval);
11179	case CTL_ACTION_PASS:
11180	case CTL_ACTION_SKIP:
11181		ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
11182		mtx_unlock(&lun->lun_lock);
11183		ctl_enqueue_rtr((union ctl_io *)ctsio);
11184		break;
11185	case CTL_ACTION_OVERLAP:
11186		mtx_unlock(&lun->lun_lock);
11187		ctl_set_overlapped_cmd(ctsio);
11188		ctl_done((union ctl_io *)ctsio);
11189		break;
11190	case CTL_ACTION_OVERLAP_TAG:
11191		mtx_unlock(&lun->lun_lock);
11192		ctl_set_overlapped_tag(ctsio, ctsio->tag_num & 0xff);
11193		ctl_done((union ctl_io *)ctsio);
11194		break;
11195	case CTL_ACTION_ERROR:
11196	default:
11197		mtx_unlock(&lun->lun_lock);
11198		ctl_set_internal_failure(ctsio,
11199					 /*sks_valid*/ 0,
11200					 /*retry_count*/ 0);
11201		ctl_done((union ctl_io *)ctsio);
11202		break;
11203	}
11204	return (retval);
11205}
11206
11207const struct ctl_cmd_entry *
11208ctl_get_cmd_entry(struct ctl_scsiio *ctsio, int *sa)
11209{
11210	const struct ctl_cmd_entry *entry;
11211	int service_action;
11212
11213	entry = &ctl_cmd_table[ctsio->cdb[0]];
11214	if (sa)
11215		*sa = ((entry->flags & CTL_CMD_FLAG_SA5) != 0);
11216	if (entry->flags & CTL_CMD_FLAG_SA5) {
11217		service_action = ctsio->cdb[1] & SERVICE_ACTION_MASK;
11218		entry = &((const struct ctl_cmd_entry *)
11219		    entry->execute)[service_action];
11220	}
11221	return (entry);
11222}
11223
11224const struct ctl_cmd_entry *
11225ctl_validate_command(struct ctl_scsiio *ctsio)
11226{
11227	const struct ctl_cmd_entry *entry;
11228	int i, sa;
11229	uint8_t diff;
11230
11231	entry = ctl_get_cmd_entry(ctsio, &sa);
11232	if (entry->execute == NULL) {
11233		if (sa)
11234			ctl_set_invalid_field(ctsio,
11235					      /*sks_valid*/ 1,
11236					      /*command*/ 1,
11237					      /*field*/ 1,
11238					      /*bit_valid*/ 1,
11239					      /*bit*/ 4);
11240		else
11241			ctl_set_invalid_opcode(ctsio);
11242		ctl_done((union ctl_io *)ctsio);
11243		return (NULL);
11244	}
11245	KASSERT(entry->length > 0,
11246	    ("Not defined length for command 0x%02x/0x%02x",
11247	     ctsio->cdb[0], ctsio->cdb[1]));
11248	for (i = 1; i < entry->length; i++) {
11249		diff = ctsio->cdb[i] & ~entry->usage[i - 1];
11250		if (diff == 0)
11251			continue;
11252		ctl_set_invalid_field(ctsio,
11253				      /*sks_valid*/ 1,
11254				      /*command*/ 1,
11255				      /*field*/ i,
11256				      /*bit_valid*/ 1,
11257				      /*bit*/ fls(diff) - 1);
11258		ctl_done((union ctl_io *)ctsio);
11259		return (NULL);
11260	}
11261	return (entry);
11262}
11263
11264static int
11265ctl_cmd_applicable(uint8_t lun_type, const struct ctl_cmd_entry *entry)
11266{
11267
11268	switch (lun_type) {
11269	case T_PROCESSOR:
11270		if ((entry->flags & CTL_CMD_FLAG_OK_ON_PROC) == 0)
11271			return (0);
11272		break;
11273	case T_DIRECT:
11274		if ((entry->flags & CTL_CMD_FLAG_OK_ON_SLUN) == 0)
11275			return (0);
11276		break;
11277	default:
11278		return (0);
11279	}
11280	return (1);
11281}
11282
11283static int
11284ctl_scsiio(struct ctl_scsiio *ctsio)
11285{
11286	int retval;
11287	const struct ctl_cmd_entry *entry;
11288
11289	retval = CTL_RETVAL_COMPLETE;
11290
11291	CTL_DEBUG_PRINT(("ctl_scsiio cdb[0]=%02X\n", ctsio->cdb[0]));
11292
11293	entry = ctl_get_cmd_entry(ctsio, NULL);
11294
11295	/*
11296	 * If this I/O has been aborted, just send it straight to
11297	 * ctl_done() without executing it.
11298	 */
11299	if (ctsio->io_hdr.flags & CTL_FLAG_ABORT) {
11300		ctl_done((union ctl_io *)ctsio);
11301		goto bailout;
11302	}
11303
11304	/*
11305	 * All the checks should have been handled by ctl_scsiio_precheck().
11306	 * We should be clear now to just execute the I/O.
11307	 */
11308	retval = entry->execute(ctsio);
11309
11310bailout:
11311	return (retval);
11312}
11313
11314/*
11315 * Since we only implement one target right now, a bus reset simply resets
11316 * our single target.
11317 */
11318static int
11319ctl_bus_reset(struct ctl_softc *softc, union ctl_io *io)
11320{
11321	return(ctl_target_reset(softc, io, CTL_UA_BUS_RESET));
11322}
11323
11324static int
11325ctl_target_reset(struct ctl_softc *softc, union ctl_io *io,
11326		 ctl_ua_type ua_type)
11327{
11328	struct ctl_port *port;
11329	struct ctl_lun *lun;
11330	int retval;
11331
11332	if (!(io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
11333		union ctl_ha_msg msg_info;
11334
11335		msg_info.hdr.nexus = io->io_hdr.nexus;
11336		if (ua_type==CTL_UA_TARG_RESET)
11337			msg_info.task.task_action = CTL_TASK_TARGET_RESET;
11338		else
11339			msg_info.task.task_action = CTL_TASK_BUS_RESET;
11340		msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11341		msg_info.hdr.original_sc = NULL;
11342		msg_info.hdr.serializing_sc = NULL;
11343		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11344		    sizeof(msg_info.task), M_WAITOK);
11345	}
11346	retval = 0;
11347
11348	mtx_lock(&softc->ctl_lock);
11349	port = ctl_io_port(&io->io_hdr);
11350	STAILQ_FOREACH(lun, &softc->lun_list, links) {
11351		if (port != NULL &&
11352		    ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
11353			continue;
11354		retval += ctl_do_lun_reset(lun, io, ua_type);
11355	}
11356	mtx_unlock(&softc->ctl_lock);
11357	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11358	return (retval);
11359}
11360
11361/*
11362 * The LUN should always be set.  The I/O is optional, and is used to
11363 * distinguish between I/Os sent by this initiator, and by other
11364 * initiators.  We set unit attention for initiators other than this one.
11365 * SAM-3 is vague on this point.  It does say that a unit attention should
11366 * be established for other initiators when a LUN is reset (see section
11367 * 5.7.3), but it doesn't specifically say that the unit attention should
11368 * be established for this particular initiator when a LUN is reset.  Here
11369 * is the relevant text, from SAM-3 rev 8:
11370 *
11371 * 5.7.2 When a SCSI initiator port aborts its own tasks
11372 *
11373 * When a SCSI initiator port causes its own task(s) to be aborted, no
11374 * notification that the task(s) have been aborted shall be returned to
11375 * the SCSI initiator port other than the completion response for the
11376 * command or task management function action that caused the task(s) to
11377 * be aborted and notification(s) associated with related effects of the
11378 * action (e.g., a reset unit attention condition).
11379 *
11380 * XXX KDM for now, we're setting unit attention for all initiators.
11381 */
11382static int
11383ctl_do_lun_reset(struct ctl_lun *lun, union ctl_io *io, ctl_ua_type ua_type)
11384{
11385	union ctl_io *xio;
11386#if 0
11387	uint32_t initidx;
11388#endif
11389#ifdef CTL_WITH_CA
11390	int i;
11391#endif
11392
11393	mtx_lock(&lun->lun_lock);
11394	/*
11395	 * Run through the OOA queue and abort each I/O.
11396	 */
11397	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11398	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11399		xio->io_hdr.flags |= CTL_FLAG_ABORT | CTL_FLAG_ABORT_STATUS;
11400	}
11401
11402	/*
11403	 * This version sets unit attention for every
11404	 */
11405#if 0
11406	initidx = ctl_get_initindex(&io->io_hdr.nexus);
11407	ctl_est_ua_all(lun, initidx, ua_type);
11408#else
11409	ctl_est_ua_all(lun, -1, ua_type);
11410#endif
11411
11412	/*
11413	 * A reset (any kind, really) clears reservations established with
11414	 * RESERVE/RELEASE.  It does not clear reservations established
11415	 * with PERSISTENT RESERVE OUT, but we don't support that at the
11416	 * moment anyway.  See SPC-2, section 5.6.  SPC-3 doesn't address
11417	 * reservations made with the RESERVE/RELEASE commands, because
11418	 * those commands are obsolete in SPC-3.
11419	 */
11420	lun->flags &= ~CTL_LUN_RESERVED;
11421
11422#ifdef CTL_WITH_CA
11423	for (i = 0; i < CTL_MAX_INITIATORS; i++)
11424		ctl_clear_mask(lun->have_ca, i);
11425#endif
11426	mtx_unlock(&lun->lun_lock);
11427
11428	return (0);
11429}
11430
11431static int
11432ctl_lun_reset(struct ctl_softc *softc, union ctl_io *io)
11433{
11434	struct ctl_lun *lun;
11435	uint32_t targ_lun;
11436	int retval;
11437
11438	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11439	mtx_lock(&softc->ctl_lock);
11440	if ((targ_lun >= CTL_MAX_LUNS) ||
11441	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
11442		mtx_unlock(&softc->ctl_lock);
11443		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
11444		return (1);
11445	}
11446	retval = ctl_do_lun_reset(lun, io, CTL_UA_LUN_RESET);
11447	mtx_unlock(&softc->ctl_lock);
11448	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11449
11450	if ((io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) == 0) {
11451		union ctl_ha_msg msg_info;
11452
11453		msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11454		msg_info.hdr.nexus = io->io_hdr.nexus;
11455		msg_info.task.task_action = CTL_TASK_LUN_RESET;
11456		msg_info.hdr.original_sc = NULL;
11457		msg_info.hdr.serializing_sc = NULL;
11458		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11459		    sizeof(msg_info.task), M_WAITOK);
11460	}
11461	return (retval);
11462}
11463
11464static void
11465ctl_abort_tasks_lun(struct ctl_lun *lun, uint32_t targ_port, uint32_t init_id,
11466    int other_sc)
11467{
11468	union ctl_io *xio;
11469
11470	mtx_assert(&lun->lun_lock, MA_OWNED);
11471
11472	/*
11473	 * Run through the OOA queue and attempt to find the given I/O.
11474	 * The target port, initiator ID, tag type and tag number have to
11475	 * match the values that we got from the initiator.  If we have an
11476	 * untagged command to abort, simply abort the first untagged command
11477	 * we come to.  We only allow one untagged command at a time of course.
11478	 */
11479	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11480	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11481
11482		if ((targ_port == UINT32_MAX ||
11483		     targ_port == xio->io_hdr.nexus.targ_port) &&
11484		    (init_id == UINT32_MAX ||
11485		     init_id == xio->io_hdr.nexus.initid)) {
11486			if (targ_port != xio->io_hdr.nexus.targ_port ||
11487			    init_id != xio->io_hdr.nexus.initid)
11488				xio->io_hdr.flags |= CTL_FLAG_ABORT_STATUS;
11489			xio->io_hdr.flags |= CTL_FLAG_ABORT;
11490			if (!other_sc && !(lun->flags & CTL_LUN_PRIMARY_SC)) {
11491				union ctl_ha_msg msg_info;
11492
11493				msg_info.hdr.nexus = xio->io_hdr.nexus;
11494				msg_info.task.task_action = CTL_TASK_ABORT_TASK;
11495				msg_info.task.tag_num = xio->scsiio.tag_num;
11496				msg_info.task.tag_type = xio->scsiio.tag_type;
11497				msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11498				msg_info.hdr.original_sc = NULL;
11499				msg_info.hdr.serializing_sc = NULL;
11500				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11501				    sizeof(msg_info.task), M_NOWAIT);
11502			}
11503		}
11504	}
11505}
11506
11507static int
11508ctl_abort_task_set(union ctl_io *io)
11509{
11510	struct ctl_softc *softc = control_softc;
11511	struct ctl_lun *lun;
11512	uint32_t targ_lun;
11513
11514	/*
11515	 * Look up the LUN.
11516	 */
11517	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11518	mtx_lock(&softc->ctl_lock);
11519	if ((targ_lun >= CTL_MAX_LUNS) ||
11520	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
11521		mtx_unlock(&softc->ctl_lock);
11522		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
11523		return (1);
11524	}
11525
11526	mtx_lock(&lun->lun_lock);
11527	mtx_unlock(&softc->ctl_lock);
11528	if (io->taskio.task_action == CTL_TASK_ABORT_TASK_SET) {
11529		ctl_abort_tasks_lun(lun, io->io_hdr.nexus.targ_port,
11530		    io->io_hdr.nexus.initid,
11531		    (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) != 0);
11532	} else { /* CTL_TASK_CLEAR_TASK_SET */
11533		ctl_abort_tasks_lun(lun, UINT32_MAX, UINT32_MAX,
11534		    (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) != 0);
11535	}
11536	mtx_unlock(&lun->lun_lock);
11537	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11538	return (0);
11539}
11540
11541static int
11542ctl_i_t_nexus_reset(union ctl_io *io)
11543{
11544	struct ctl_softc *softc = control_softc;
11545	struct ctl_lun *lun;
11546	uint32_t initidx;
11547
11548	if (!(io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
11549		union ctl_ha_msg msg_info;
11550
11551		msg_info.hdr.nexus = io->io_hdr.nexus;
11552		msg_info.task.task_action = CTL_TASK_I_T_NEXUS_RESET;
11553		msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11554		msg_info.hdr.original_sc = NULL;
11555		msg_info.hdr.serializing_sc = NULL;
11556		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11557		    sizeof(msg_info.task), M_WAITOK);
11558	}
11559
11560	initidx = ctl_get_initindex(&io->io_hdr.nexus);
11561	mtx_lock(&softc->ctl_lock);
11562	STAILQ_FOREACH(lun, &softc->lun_list, links) {
11563		mtx_lock(&lun->lun_lock);
11564		ctl_abort_tasks_lun(lun, io->io_hdr.nexus.targ_port,
11565		    io->io_hdr.nexus.initid, 1);
11566#ifdef CTL_WITH_CA
11567		ctl_clear_mask(lun->have_ca, initidx);
11568#endif
11569		if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx == initidx))
11570			lun->flags &= ~CTL_LUN_RESERVED;
11571		ctl_est_ua(lun, initidx, CTL_UA_I_T_NEXUS_LOSS);
11572		mtx_unlock(&lun->lun_lock);
11573	}
11574	mtx_unlock(&softc->ctl_lock);
11575	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11576	return (0);
11577}
11578
11579static int
11580ctl_abort_task(union ctl_io *io)
11581{
11582	union ctl_io *xio;
11583	struct ctl_lun *lun;
11584	struct ctl_softc *softc;
11585#if 0
11586	struct sbuf sb;
11587	char printbuf[128];
11588#endif
11589	int found;
11590	uint32_t targ_lun;
11591
11592	softc = control_softc;
11593	found = 0;
11594
11595	/*
11596	 * Look up the LUN.
11597	 */
11598	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11599	mtx_lock(&softc->ctl_lock);
11600	if ((targ_lun >= CTL_MAX_LUNS) ||
11601	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
11602		mtx_unlock(&softc->ctl_lock);
11603		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
11604		return (1);
11605	}
11606
11607#if 0
11608	printf("ctl_abort_task: called for lun %lld, tag %d type %d\n",
11609	       lun->lun, io->taskio.tag_num, io->taskio.tag_type);
11610#endif
11611
11612	mtx_lock(&lun->lun_lock);
11613	mtx_unlock(&softc->ctl_lock);
11614	/*
11615	 * Run through the OOA queue and attempt to find the given I/O.
11616	 * The target port, initiator ID, tag type and tag number have to
11617	 * match the values that we got from the initiator.  If we have an
11618	 * untagged command to abort, simply abort the first untagged command
11619	 * we come to.  We only allow one untagged command at a time of course.
11620	 */
11621	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11622	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11623#if 0
11624		sbuf_new(&sb, printbuf, sizeof(printbuf), SBUF_FIXEDLEN);
11625
11626		sbuf_printf(&sb, "LUN %lld tag %d type %d%s%s%s%s: ",
11627			    lun->lun, xio->scsiio.tag_num,
11628			    xio->scsiio.tag_type,
11629			    (xio->io_hdr.blocked_links.tqe_prev
11630			    == NULL) ? "" : " BLOCKED",
11631			    (xio->io_hdr.flags &
11632			    CTL_FLAG_DMA_INPROG) ? " DMA" : "",
11633			    (xio->io_hdr.flags &
11634			    CTL_FLAG_ABORT) ? " ABORT" : "",
11635			    (xio->io_hdr.flags &
11636			    CTL_FLAG_IS_WAS_ON_RTR ? " RTR" : ""));
11637		ctl_scsi_command_string(&xio->scsiio, NULL, &sb);
11638		sbuf_finish(&sb);
11639		printf("%s\n", sbuf_data(&sb));
11640#endif
11641
11642		if ((xio->io_hdr.nexus.targ_port != io->io_hdr.nexus.targ_port)
11643		 || (xio->io_hdr.nexus.initid != io->io_hdr.nexus.initid)
11644		 || (xio->io_hdr.flags & CTL_FLAG_ABORT))
11645			continue;
11646
11647		/*
11648		 * If the abort says that the task is untagged, the
11649		 * task in the queue must be untagged.  Otherwise,
11650		 * we just check to see whether the tag numbers
11651		 * match.  This is because the QLogic firmware
11652		 * doesn't pass back the tag type in an abort
11653		 * request.
11654		 */
11655#if 0
11656		if (((xio->scsiio.tag_type == CTL_TAG_UNTAGGED)
11657		  && (io->taskio.tag_type == CTL_TAG_UNTAGGED))
11658		 || (xio->scsiio.tag_num == io->taskio.tag_num))
11659#endif
11660		/*
11661		 * XXX KDM we've got problems with FC, because it
11662		 * doesn't send down a tag type with aborts.  So we
11663		 * can only really go by the tag number...
11664		 * This may cause problems with parallel SCSI.
11665		 * Need to figure that out!!
11666		 */
11667		if (xio->scsiio.tag_num == io->taskio.tag_num) {
11668			xio->io_hdr.flags |= CTL_FLAG_ABORT;
11669			found = 1;
11670			if ((io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) == 0 &&
11671			    !(lun->flags & CTL_LUN_PRIMARY_SC)) {
11672				union ctl_ha_msg msg_info;
11673
11674				msg_info.hdr.nexus = io->io_hdr.nexus;
11675				msg_info.task.task_action = CTL_TASK_ABORT_TASK;
11676				msg_info.task.tag_num = io->taskio.tag_num;
11677				msg_info.task.tag_type = io->taskio.tag_type;
11678				msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11679				msg_info.hdr.original_sc = NULL;
11680				msg_info.hdr.serializing_sc = NULL;
11681#if 0
11682				printf("Sent Abort to other side\n");
11683#endif
11684				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11685				    sizeof(msg_info.task), M_NOWAIT);
11686			}
11687#if 0
11688			printf("ctl_abort_task: found I/O to abort\n");
11689#endif
11690		}
11691	}
11692	mtx_unlock(&lun->lun_lock);
11693
11694	if (found == 0) {
11695		/*
11696		 * This isn't really an error.  It's entirely possible for
11697		 * the abort and command completion to cross on the wire.
11698		 * This is more of an informative/diagnostic error.
11699		 */
11700#if 0
11701		printf("ctl_abort_task: ABORT sent for nonexistent I/O: "
11702		       "%u:%u:%u tag %d type %d\n",
11703		       io->io_hdr.nexus.initid,
11704		       io->io_hdr.nexus.targ_port,
11705		       io->io_hdr.nexus.targ_lun, io->taskio.tag_num,
11706		       io->taskio.tag_type);
11707#endif
11708	}
11709	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11710	return (0);
11711}
11712
11713static int
11714ctl_query_task(union ctl_io *io, int task_set)
11715{
11716	union ctl_io *xio;
11717	struct ctl_lun *lun;
11718	struct ctl_softc *softc;
11719	int found = 0;
11720	uint32_t targ_lun;
11721
11722	softc = control_softc;
11723	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11724	mtx_lock(&softc->ctl_lock);
11725	if ((targ_lun >= CTL_MAX_LUNS) ||
11726	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
11727		mtx_unlock(&softc->ctl_lock);
11728		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
11729		return (1);
11730	}
11731	mtx_lock(&lun->lun_lock);
11732	mtx_unlock(&softc->ctl_lock);
11733	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11734	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11735
11736		if ((xio->io_hdr.nexus.targ_port != io->io_hdr.nexus.targ_port)
11737		 || (xio->io_hdr.nexus.initid != io->io_hdr.nexus.initid)
11738		 || (xio->io_hdr.flags & CTL_FLAG_ABORT))
11739			continue;
11740
11741		if (task_set || xio->scsiio.tag_num == io->taskio.tag_num) {
11742			found = 1;
11743			break;
11744		}
11745	}
11746	mtx_unlock(&lun->lun_lock);
11747	if (found)
11748		io->taskio.task_status = CTL_TASK_FUNCTION_SUCCEEDED;
11749	else
11750		io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11751	return (0);
11752}
11753
11754static int
11755ctl_query_async_event(union ctl_io *io)
11756{
11757	struct ctl_lun *lun;
11758	struct ctl_softc *softc;
11759	ctl_ua_type ua;
11760	uint32_t targ_lun, initidx;
11761
11762	softc = control_softc;
11763	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11764	mtx_lock(&softc->ctl_lock);
11765	if ((targ_lun >= CTL_MAX_LUNS) ||
11766	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
11767		mtx_unlock(&softc->ctl_lock);
11768		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
11769		return (1);
11770	}
11771	mtx_lock(&lun->lun_lock);
11772	mtx_unlock(&softc->ctl_lock);
11773	initidx = ctl_get_initindex(&io->io_hdr.nexus);
11774	ua = ctl_build_qae(lun, initidx, io->taskio.task_resp);
11775	mtx_unlock(&lun->lun_lock);
11776	if (ua != CTL_UA_NONE)
11777		io->taskio.task_status = CTL_TASK_FUNCTION_SUCCEEDED;
11778	else
11779		io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11780	return (0);
11781}
11782
11783static void
11784ctl_run_task(union ctl_io *io)
11785{
11786	struct ctl_softc *softc = control_softc;
11787	int retval = 1;
11788
11789	CTL_DEBUG_PRINT(("ctl_run_task\n"));
11790	KASSERT(io->io_hdr.io_type == CTL_IO_TASK,
11791	    ("ctl_run_task: Unextected io_type %d\n", io->io_hdr.io_type));
11792	io->taskio.task_status = CTL_TASK_FUNCTION_NOT_SUPPORTED;
11793	bzero(io->taskio.task_resp, sizeof(io->taskio.task_resp));
11794	switch (io->taskio.task_action) {
11795	case CTL_TASK_ABORT_TASK:
11796		retval = ctl_abort_task(io);
11797		break;
11798	case CTL_TASK_ABORT_TASK_SET:
11799	case CTL_TASK_CLEAR_TASK_SET:
11800		retval = ctl_abort_task_set(io);
11801		break;
11802	case CTL_TASK_CLEAR_ACA:
11803		break;
11804	case CTL_TASK_I_T_NEXUS_RESET:
11805		retval = ctl_i_t_nexus_reset(io);
11806		break;
11807	case CTL_TASK_LUN_RESET:
11808		retval = ctl_lun_reset(softc, io);
11809		break;
11810	case CTL_TASK_TARGET_RESET:
11811		retval = ctl_target_reset(softc, io, CTL_UA_TARG_RESET);
11812		break;
11813	case CTL_TASK_BUS_RESET:
11814		retval = ctl_bus_reset(softc, io);
11815		break;
11816	case CTL_TASK_PORT_LOGIN:
11817		break;
11818	case CTL_TASK_PORT_LOGOUT:
11819		break;
11820	case CTL_TASK_QUERY_TASK:
11821		retval = ctl_query_task(io, 0);
11822		break;
11823	case CTL_TASK_QUERY_TASK_SET:
11824		retval = ctl_query_task(io, 1);
11825		break;
11826	case CTL_TASK_QUERY_ASYNC_EVENT:
11827		retval = ctl_query_async_event(io);
11828		break;
11829	default:
11830		printf("%s: got unknown task management event %d\n",
11831		       __func__, io->taskio.task_action);
11832		break;
11833	}
11834	if (retval == 0)
11835		io->io_hdr.status = CTL_SUCCESS;
11836	else
11837		io->io_hdr.status = CTL_ERROR;
11838	ctl_done(io);
11839}
11840
11841/*
11842 * For HA operation.  Handle commands that come in from the other
11843 * controller.
11844 */
11845static void
11846ctl_handle_isc(union ctl_io *io)
11847{
11848	int free_io;
11849	struct ctl_lun *lun;
11850	struct ctl_softc *softc = control_softc;
11851	uint32_t targ_lun;
11852
11853	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11854	lun = softc->ctl_luns[targ_lun];
11855
11856	switch (io->io_hdr.msg_type) {
11857	case CTL_MSG_SERIALIZE:
11858		free_io = ctl_serialize_other_sc_cmd(&io->scsiio);
11859		break;
11860	case CTL_MSG_R2R: {
11861		const struct ctl_cmd_entry *entry;
11862
11863		/*
11864		 * This is only used in SER_ONLY mode.
11865		 */
11866		free_io = 0;
11867		entry = ctl_get_cmd_entry(&io->scsiio, NULL);
11868		mtx_lock(&lun->lun_lock);
11869		if (ctl_scsiio_lun_check(lun,
11870		    entry, (struct ctl_scsiio *)io) != 0) {
11871			mtx_unlock(&lun->lun_lock);
11872			ctl_done(io);
11873			break;
11874		}
11875		io->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
11876		mtx_unlock(&lun->lun_lock);
11877		ctl_enqueue_rtr(io);
11878		break;
11879	}
11880	case CTL_MSG_FINISH_IO:
11881		if (softc->ha_mode == CTL_HA_MODE_XFER) {
11882			free_io = 0;
11883			ctl_done(io);
11884		} else {
11885			free_io = 1;
11886			mtx_lock(&lun->lun_lock);
11887			TAILQ_REMOVE(&lun->ooa_queue, &io->io_hdr,
11888				     ooa_links);
11889			ctl_check_blocked(lun);
11890			mtx_unlock(&lun->lun_lock);
11891		}
11892		break;
11893	case CTL_MSG_PERS_ACTION:
11894		ctl_hndl_per_res_out_on_other_sc(
11895			(union ctl_ha_msg *)&io->presio.pr_msg);
11896		free_io = 1;
11897		break;
11898	case CTL_MSG_BAD_JUJU:
11899		free_io = 0;
11900		ctl_done(io);
11901		break;
11902	case CTL_MSG_DATAMOVE:
11903		/* Only used in XFER mode */
11904		free_io = 0;
11905		ctl_datamove_remote(io);
11906		break;
11907	case CTL_MSG_DATAMOVE_DONE:
11908		/* Only used in XFER mode */
11909		free_io = 0;
11910		io->scsiio.be_move_done(io);
11911		break;
11912	case CTL_MSG_FAILOVER:
11913		ctl_failover_lun(io);
11914		free_io = 1;
11915		break;
11916	default:
11917		free_io = 1;
11918		printf("%s: Invalid message type %d\n",
11919		       __func__, io->io_hdr.msg_type);
11920		break;
11921	}
11922	if (free_io)
11923		ctl_free_io(io);
11924
11925}
11926
11927
11928/*
11929 * Returns the match type in the case of a match, or CTL_LUN_PAT_NONE if
11930 * there is no match.
11931 */
11932static ctl_lun_error_pattern
11933ctl_cmd_pattern_match(struct ctl_scsiio *ctsio, struct ctl_error_desc *desc)
11934{
11935	const struct ctl_cmd_entry *entry;
11936	ctl_lun_error_pattern filtered_pattern, pattern;
11937
11938	pattern = desc->error_pattern;
11939
11940	/*
11941	 * XXX KDM we need more data passed into this function to match a
11942	 * custom pattern, and we actually need to implement custom pattern
11943	 * matching.
11944	 */
11945	if (pattern & CTL_LUN_PAT_CMD)
11946		return (CTL_LUN_PAT_CMD);
11947
11948	if ((pattern & CTL_LUN_PAT_MASK) == CTL_LUN_PAT_ANY)
11949		return (CTL_LUN_PAT_ANY);
11950
11951	entry = ctl_get_cmd_entry(ctsio, NULL);
11952
11953	filtered_pattern = entry->pattern & pattern;
11954
11955	/*
11956	 * If the user requested specific flags in the pattern (e.g.
11957	 * CTL_LUN_PAT_RANGE), make sure the command supports all of those
11958	 * flags.
11959	 *
11960	 * If the user did not specify any flags, it doesn't matter whether
11961	 * or not the command supports the flags.
11962	 */
11963	if ((filtered_pattern & ~CTL_LUN_PAT_MASK) !=
11964	     (pattern & ~CTL_LUN_PAT_MASK))
11965		return (CTL_LUN_PAT_NONE);
11966
11967	/*
11968	 * If the user asked for a range check, see if the requested LBA
11969	 * range overlaps with this command's LBA range.
11970	 */
11971	if (filtered_pattern & CTL_LUN_PAT_RANGE) {
11972		uint64_t lba1;
11973		uint64_t len1;
11974		ctl_action action;
11975		int retval;
11976
11977		retval = ctl_get_lba_len((union ctl_io *)ctsio, &lba1, &len1);
11978		if (retval != 0)
11979			return (CTL_LUN_PAT_NONE);
11980
11981		action = ctl_extent_check_lba(lba1, len1, desc->lba_range.lba,
11982					      desc->lba_range.len, FALSE);
11983		/*
11984		 * A "pass" means that the LBA ranges don't overlap, so
11985		 * this doesn't match the user's range criteria.
11986		 */
11987		if (action == CTL_ACTION_PASS)
11988			return (CTL_LUN_PAT_NONE);
11989	}
11990
11991	return (filtered_pattern);
11992}
11993
11994static void
11995ctl_inject_error(struct ctl_lun *lun, union ctl_io *io)
11996{
11997	struct ctl_error_desc *desc, *desc2;
11998
11999	mtx_assert(&lun->lun_lock, MA_OWNED);
12000
12001	STAILQ_FOREACH_SAFE(desc, &lun->error_list, links, desc2) {
12002		ctl_lun_error_pattern pattern;
12003		/*
12004		 * Check to see whether this particular command matches
12005		 * the pattern in the descriptor.
12006		 */
12007		pattern = ctl_cmd_pattern_match(&io->scsiio, desc);
12008		if ((pattern & CTL_LUN_PAT_MASK) == CTL_LUN_PAT_NONE)
12009			continue;
12010
12011		switch (desc->lun_error & CTL_LUN_INJ_TYPE) {
12012		case CTL_LUN_INJ_ABORTED:
12013			ctl_set_aborted(&io->scsiio);
12014			break;
12015		case CTL_LUN_INJ_MEDIUM_ERR:
12016			ctl_set_medium_error(&io->scsiio,
12017			    (io->io_hdr.flags & CTL_FLAG_DATA_MASK) !=
12018			     CTL_FLAG_DATA_OUT);
12019			break;
12020		case CTL_LUN_INJ_UA:
12021			/* 29h/00h  POWER ON, RESET, OR BUS DEVICE RESET
12022			 * OCCURRED */
12023			ctl_set_ua(&io->scsiio, 0x29, 0x00);
12024			break;
12025		case CTL_LUN_INJ_CUSTOM:
12026			/*
12027			 * We're assuming the user knows what he is doing.
12028			 * Just copy the sense information without doing
12029			 * checks.
12030			 */
12031			bcopy(&desc->custom_sense, &io->scsiio.sense_data,
12032			      MIN(sizeof(desc->custom_sense),
12033				  sizeof(io->scsiio.sense_data)));
12034			io->scsiio.scsi_status = SCSI_STATUS_CHECK_COND;
12035			io->scsiio.sense_len = SSD_FULL_SIZE;
12036			io->io_hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
12037			break;
12038		case CTL_LUN_INJ_NONE:
12039		default:
12040			/*
12041			 * If this is an error injection type we don't know
12042			 * about, clear the continuous flag (if it is set)
12043			 * so it will get deleted below.
12044			 */
12045			desc->lun_error &= ~CTL_LUN_INJ_CONTINUOUS;
12046			break;
12047		}
12048		/*
12049		 * By default, each error injection action is a one-shot
12050		 */
12051		if (desc->lun_error & CTL_LUN_INJ_CONTINUOUS)
12052			continue;
12053
12054		STAILQ_REMOVE(&lun->error_list, desc, ctl_error_desc, links);
12055
12056		free(desc, M_CTL);
12057	}
12058}
12059
12060#ifdef CTL_IO_DELAY
12061static void
12062ctl_datamove_timer_wakeup(void *arg)
12063{
12064	union ctl_io *io;
12065
12066	io = (union ctl_io *)arg;
12067
12068	ctl_datamove(io);
12069}
12070#endif /* CTL_IO_DELAY */
12071
12072void
12073ctl_datamove(union ctl_io *io)
12074{
12075	struct ctl_lun *lun;
12076	void (*fe_datamove)(union ctl_io *io);
12077
12078	mtx_assert(&control_softc->ctl_lock, MA_NOTOWNED);
12079
12080	CTL_DEBUG_PRINT(("ctl_datamove\n"));
12081
12082	lun = (struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
12083#ifdef CTL_TIME_IO
12084	if ((time_uptime - io->io_hdr.start_time) > ctl_time_io_secs) {
12085		char str[256];
12086		char path_str[64];
12087		struct sbuf sb;
12088
12089		ctl_scsi_path_string(io, path_str, sizeof(path_str));
12090		sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
12091
12092		sbuf_cat(&sb, path_str);
12093		switch (io->io_hdr.io_type) {
12094		case CTL_IO_SCSI:
12095			ctl_scsi_command_string(&io->scsiio, NULL, &sb);
12096			sbuf_printf(&sb, "\n");
12097			sbuf_cat(&sb, path_str);
12098			sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
12099				    io->scsiio.tag_num, io->scsiio.tag_type);
12100			break;
12101		case CTL_IO_TASK:
12102			sbuf_printf(&sb, "Task I/O type: %d, Tag: 0x%04x, "
12103				    "Tag Type: %d\n", io->taskio.task_action,
12104				    io->taskio.tag_num, io->taskio.tag_type);
12105			break;
12106		default:
12107			printf("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
12108			panic("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
12109			break;
12110		}
12111		sbuf_cat(&sb, path_str);
12112		sbuf_printf(&sb, "ctl_datamove: %jd seconds\n",
12113			    (intmax_t)time_uptime - io->io_hdr.start_time);
12114		sbuf_finish(&sb);
12115		printf("%s", sbuf_data(&sb));
12116	}
12117#endif /* CTL_TIME_IO */
12118
12119#ifdef CTL_IO_DELAY
12120	if (io->io_hdr.flags & CTL_FLAG_DELAY_DONE) {
12121		io->io_hdr.flags &= ~CTL_FLAG_DELAY_DONE;
12122	} else {
12123		if ((lun != NULL)
12124		 && (lun->delay_info.datamove_delay > 0)) {
12125
12126			callout_init(&io->io_hdr.delay_callout, /*mpsafe*/ 1);
12127			io->io_hdr.flags |= CTL_FLAG_DELAY_DONE;
12128			callout_reset(&io->io_hdr.delay_callout,
12129				      lun->delay_info.datamove_delay * hz,
12130				      ctl_datamove_timer_wakeup, io);
12131			if (lun->delay_info.datamove_type ==
12132			    CTL_DELAY_TYPE_ONESHOT)
12133				lun->delay_info.datamove_delay = 0;
12134			return;
12135		}
12136	}
12137#endif
12138
12139	/*
12140	 * This command has been aborted.  Set the port status, so we fail
12141	 * the data move.
12142	 */
12143	if (io->io_hdr.flags & CTL_FLAG_ABORT) {
12144		printf("ctl_datamove: tag 0x%04x on (%u:%u:%u) aborted\n",
12145		       io->scsiio.tag_num, io->io_hdr.nexus.initid,
12146		       io->io_hdr.nexus.targ_port,
12147		       io->io_hdr.nexus.targ_lun);
12148		io->io_hdr.port_status = 31337;
12149		/*
12150		 * Note that the backend, in this case, will get the
12151		 * callback in its context.  In other cases it may get
12152		 * called in the frontend's interrupt thread context.
12153		 */
12154		io->scsiio.be_move_done(io);
12155		return;
12156	}
12157
12158	/* Don't confuse frontend with zero length data move. */
12159	if (io->scsiio.kern_data_len == 0) {
12160		io->scsiio.be_move_done(io);
12161		return;
12162	}
12163
12164	fe_datamove = ctl_io_port(&io->io_hdr)->fe_datamove;
12165	fe_datamove(io);
12166}
12167
12168static void
12169ctl_send_datamove_done(union ctl_io *io, int have_lock)
12170{
12171	union ctl_ha_msg msg;
12172#ifdef CTL_TIME_IO
12173	struct bintime cur_bt;
12174#endif
12175
12176	memset(&msg, 0, sizeof(msg));
12177	msg.hdr.msg_type = CTL_MSG_DATAMOVE_DONE;
12178	msg.hdr.original_sc = io;
12179	msg.hdr.serializing_sc = io->io_hdr.serializing_sc;
12180	msg.hdr.nexus = io->io_hdr.nexus;
12181	msg.hdr.status = io->io_hdr.status;
12182	msg.scsi.tag_num = io->scsiio.tag_num;
12183	msg.scsi.tag_type = io->scsiio.tag_type;
12184	msg.scsi.scsi_status = io->scsiio.scsi_status;
12185	memcpy(&msg.scsi.sense_data, &io->scsiio.sense_data,
12186	       io->scsiio.sense_len);
12187	msg.scsi.sense_len = io->scsiio.sense_len;
12188	msg.scsi.sense_residual = io->scsiio.sense_residual;
12189	msg.scsi.fetd_status = io->io_hdr.port_status;
12190	msg.scsi.residual = io->scsiio.residual;
12191	io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
12192	if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
12193		ctl_failover_io(io, /*have_lock*/ have_lock);
12194		return;
12195	}
12196	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
12197	    sizeof(msg.scsi) - sizeof(msg.scsi.sense_data) +
12198	    msg.scsi.sense_len, M_WAITOK);
12199
12200#ifdef CTL_TIME_IO
12201	getbinuptime(&cur_bt);
12202	bintime_sub(&cur_bt, &io->io_hdr.dma_start_bt);
12203	bintime_add(&io->io_hdr.dma_bt, &cur_bt);
12204#endif
12205	io->io_hdr.num_dmas++;
12206}
12207
12208/*
12209 * The DMA to the remote side is done, now we need to tell the other side
12210 * we're done so it can continue with its data movement.
12211 */
12212static void
12213ctl_datamove_remote_write_cb(struct ctl_ha_dt_req *rq)
12214{
12215	union ctl_io *io;
12216	int i;
12217
12218	io = rq->context;
12219
12220	if (rq->ret != CTL_HA_STATUS_SUCCESS) {
12221		printf("%s: ISC DMA write failed with error %d", __func__,
12222		       rq->ret);
12223		ctl_set_internal_failure(&io->scsiio,
12224					 /*sks_valid*/ 1,
12225					 /*retry_count*/ rq->ret);
12226	}
12227
12228	ctl_dt_req_free(rq);
12229
12230	for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12231		free(io->io_hdr.local_sglist[i].addr, M_CTL);
12232	free(io->io_hdr.remote_sglist, M_CTL);
12233	io->io_hdr.remote_sglist = NULL;
12234	io->io_hdr.local_sglist = NULL;
12235
12236	/*
12237	 * The data is in local and remote memory, so now we need to send
12238	 * status (good or back) back to the other side.
12239	 */
12240	ctl_send_datamove_done(io, /*have_lock*/ 0);
12241}
12242
12243/*
12244 * We've moved the data from the host/controller into local memory.  Now we
12245 * need to push it over to the remote controller's memory.
12246 */
12247static int
12248ctl_datamove_remote_dm_write_cb(union ctl_io *io)
12249{
12250	int retval;
12251
12252	retval = ctl_datamove_remote_xfer(io, CTL_HA_DT_CMD_WRITE,
12253					  ctl_datamove_remote_write_cb);
12254	return (retval);
12255}
12256
12257static void
12258ctl_datamove_remote_write(union ctl_io *io)
12259{
12260	int retval;
12261	void (*fe_datamove)(union ctl_io *io);
12262
12263	/*
12264	 * - Get the data from the host/HBA into local memory.
12265	 * - DMA memory from the local controller to the remote controller.
12266	 * - Send status back to the remote controller.
12267	 */
12268
12269	retval = ctl_datamove_remote_sgl_setup(io);
12270	if (retval != 0)
12271		return;
12272
12273	/* Switch the pointer over so the FETD knows what to do */
12274	io->scsiio.kern_data_ptr = (uint8_t *)io->io_hdr.local_sglist;
12275
12276	/*
12277	 * Use a custom move done callback, since we need to send completion
12278	 * back to the other controller, not to the backend on this side.
12279	 */
12280	io->scsiio.be_move_done = ctl_datamove_remote_dm_write_cb;
12281
12282	fe_datamove = ctl_io_port(&io->io_hdr)->fe_datamove;
12283	fe_datamove(io);
12284}
12285
12286static int
12287ctl_datamove_remote_dm_read_cb(union ctl_io *io)
12288{
12289#if 0
12290	char str[256];
12291	char path_str[64];
12292	struct sbuf sb;
12293#endif
12294	int i;
12295
12296	for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12297		free(io->io_hdr.local_sglist[i].addr, M_CTL);
12298	free(io->io_hdr.remote_sglist, M_CTL);
12299	io->io_hdr.remote_sglist = NULL;
12300	io->io_hdr.local_sglist = NULL;
12301
12302#if 0
12303	scsi_path_string(io, path_str, sizeof(path_str));
12304	sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
12305	sbuf_cat(&sb, path_str);
12306	scsi_command_string(&io->scsiio, NULL, &sb);
12307	sbuf_printf(&sb, "\n");
12308	sbuf_cat(&sb, path_str);
12309	sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
12310		    io->scsiio.tag_num, io->scsiio.tag_type);
12311	sbuf_cat(&sb, path_str);
12312	sbuf_printf(&sb, "%s: flags %#x, status %#x\n", __func__,
12313		    io->io_hdr.flags, io->io_hdr.status);
12314	sbuf_finish(&sb);
12315	printk("%s", sbuf_data(&sb));
12316#endif
12317
12318
12319	/*
12320	 * The read is done, now we need to send status (good or bad) back
12321	 * to the other side.
12322	 */
12323	ctl_send_datamove_done(io, /*have_lock*/ 0);
12324
12325	return (0);
12326}
12327
12328static void
12329ctl_datamove_remote_read_cb(struct ctl_ha_dt_req *rq)
12330{
12331	union ctl_io *io;
12332	void (*fe_datamove)(union ctl_io *io);
12333
12334	io = rq->context;
12335
12336	if (rq->ret != CTL_HA_STATUS_SUCCESS) {
12337		printf("%s: ISC DMA read failed with error %d\n", __func__,
12338		       rq->ret);
12339		ctl_set_internal_failure(&io->scsiio,
12340					 /*sks_valid*/ 1,
12341					 /*retry_count*/ rq->ret);
12342	}
12343
12344	ctl_dt_req_free(rq);
12345
12346	/* Switch the pointer over so the FETD knows what to do */
12347	io->scsiio.kern_data_ptr = (uint8_t *)io->io_hdr.local_sglist;
12348
12349	/*
12350	 * Use a custom move done callback, since we need to send completion
12351	 * back to the other controller, not to the backend on this side.
12352	 */
12353	io->scsiio.be_move_done = ctl_datamove_remote_dm_read_cb;
12354
12355	/* XXX KDM add checks like the ones in ctl_datamove? */
12356
12357	fe_datamove = ctl_io_port(&io->io_hdr)->fe_datamove;
12358	fe_datamove(io);
12359}
12360
12361static int
12362ctl_datamove_remote_sgl_setup(union ctl_io *io)
12363{
12364	struct ctl_sg_entry *local_sglist;
12365	uint32_t len_to_go;
12366	int retval;
12367	int i;
12368
12369	retval = 0;
12370	local_sglist = io->io_hdr.local_sglist;
12371	len_to_go = io->scsiio.kern_data_len;
12372
12373	/*
12374	 * The difficult thing here is that the size of the various
12375	 * S/G segments may be different than the size from the
12376	 * remote controller.  That'll make it harder when DMAing
12377	 * the data back to the other side.
12378	 */
12379	for (i = 0; len_to_go > 0; i++) {
12380		local_sglist[i].len = MIN(len_to_go, CTL_HA_DATAMOVE_SEGMENT);
12381		local_sglist[i].addr =
12382		    malloc(local_sglist[i].len, M_CTL, M_WAITOK);
12383
12384		len_to_go -= local_sglist[i].len;
12385	}
12386	/*
12387	 * Reset the number of S/G entries accordingly.  The original
12388	 * number of S/G entries is available in rem_sg_entries.
12389	 */
12390	io->scsiio.kern_sg_entries = i;
12391
12392#if 0
12393	printf("%s: kern_sg_entries = %d\n", __func__,
12394	       io->scsiio.kern_sg_entries);
12395	for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12396		printf("%s: sg[%d] = %p, %lu\n", __func__, i,
12397		       local_sglist[i].addr, local_sglist[i].len);
12398#endif
12399
12400	return (retval);
12401}
12402
12403static int
12404ctl_datamove_remote_xfer(union ctl_io *io, unsigned command,
12405			 ctl_ha_dt_cb callback)
12406{
12407	struct ctl_ha_dt_req *rq;
12408	struct ctl_sg_entry *remote_sglist, *local_sglist;
12409	uint32_t local_used, remote_used, total_used;
12410	int i, j, isc_ret;
12411
12412	rq = ctl_dt_req_alloc();
12413
12414	/*
12415	 * If we failed to allocate the request, and if the DMA didn't fail
12416	 * anyway, set busy status.  This is just a resource allocation
12417	 * failure.
12418	 */
12419	if ((rq == NULL)
12420	 && ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
12421	     (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS))
12422		ctl_set_busy(&io->scsiio);
12423
12424	if ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
12425	    (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS) {
12426
12427		if (rq != NULL)
12428			ctl_dt_req_free(rq);
12429
12430		/*
12431		 * The data move failed.  We need to return status back
12432		 * to the other controller.  No point in trying to DMA
12433		 * data to the remote controller.
12434		 */
12435
12436		ctl_send_datamove_done(io, /*have_lock*/ 0);
12437
12438		return (1);
12439	}
12440
12441	local_sglist = io->io_hdr.local_sglist;
12442	remote_sglist = io->io_hdr.remote_sglist;
12443	local_used = 0;
12444	remote_used = 0;
12445	total_used = 0;
12446
12447	/*
12448	 * Pull/push the data over the wire from/to the other controller.
12449	 * This takes into account the possibility that the local and
12450	 * remote sglists may not be identical in terms of the size of
12451	 * the elements and the number of elements.
12452	 *
12453	 * One fundamental assumption here is that the length allocated for
12454	 * both the local and remote sglists is identical.  Otherwise, we've
12455	 * essentially got a coding error of some sort.
12456	 */
12457	isc_ret = CTL_HA_STATUS_SUCCESS;
12458	for (i = 0, j = 0; total_used < io->scsiio.kern_data_len; ) {
12459		uint32_t cur_len;
12460		uint8_t *tmp_ptr;
12461
12462		rq->command = command;
12463		rq->context = io;
12464
12465		/*
12466		 * Both pointers should be aligned.  But it is possible
12467		 * that the allocation length is not.  They should both
12468		 * also have enough slack left over at the end, though,
12469		 * to round up to the next 8 byte boundary.
12470		 */
12471		cur_len = MIN(local_sglist[i].len - local_used,
12472			      remote_sglist[j].len - remote_used);
12473		rq->size = cur_len;
12474
12475		tmp_ptr = (uint8_t *)local_sglist[i].addr;
12476		tmp_ptr += local_used;
12477
12478#if 0
12479		/* Use physical addresses when talking to ISC hardware */
12480		if ((io->io_hdr.flags & CTL_FLAG_BUS_ADDR) == 0) {
12481			/* XXX KDM use busdma */
12482			rq->local = vtophys(tmp_ptr);
12483		} else
12484			rq->local = tmp_ptr;
12485#else
12486		KASSERT((io->io_hdr.flags & CTL_FLAG_BUS_ADDR) == 0,
12487		    ("HA does not support BUS_ADDR"));
12488		rq->local = tmp_ptr;
12489#endif
12490
12491		tmp_ptr = (uint8_t *)remote_sglist[j].addr;
12492		tmp_ptr += remote_used;
12493		rq->remote = tmp_ptr;
12494
12495		rq->callback = NULL;
12496
12497		local_used += cur_len;
12498		if (local_used >= local_sglist[i].len) {
12499			i++;
12500			local_used = 0;
12501		}
12502
12503		remote_used += cur_len;
12504		if (remote_used >= remote_sglist[j].len) {
12505			j++;
12506			remote_used = 0;
12507		}
12508		total_used += cur_len;
12509
12510		if (total_used >= io->scsiio.kern_data_len)
12511			rq->callback = callback;
12512
12513#if 0
12514		printf("%s: %s: local %p remote %p size %d\n", __func__,
12515		       (command == CTL_HA_DT_CMD_WRITE) ? "WRITE" : "READ",
12516		       rq->local, rq->remote, rq->size);
12517#endif
12518
12519		isc_ret = ctl_dt_single(rq);
12520		if (isc_ret > CTL_HA_STATUS_SUCCESS)
12521			break;
12522	}
12523	if (isc_ret != CTL_HA_STATUS_WAIT) {
12524		rq->ret = isc_ret;
12525		callback(rq);
12526	}
12527
12528	return (0);
12529}
12530
12531static void
12532ctl_datamove_remote_read(union ctl_io *io)
12533{
12534	int retval;
12535	int i;
12536
12537	/*
12538	 * This will send an error to the other controller in the case of a
12539	 * failure.
12540	 */
12541	retval = ctl_datamove_remote_sgl_setup(io);
12542	if (retval != 0)
12543		return;
12544
12545	retval = ctl_datamove_remote_xfer(io, CTL_HA_DT_CMD_READ,
12546					  ctl_datamove_remote_read_cb);
12547	if (retval != 0) {
12548		/*
12549		 * Make sure we free memory if there was an error..  The
12550		 * ctl_datamove_remote_xfer() function will send the
12551		 * datamove done message, or call the callback with an
12552		 * error if there is a problem.
12553		 */
12554		for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12555			free(io->io_hdr.local_sglist[i].addr, M_CTL);
12556		free(io->io_hdr.remote_sglist, M_CTL);
12557		io->io_hdr.remote_sglist = NULL;
12558		io->io_hdr.local_sglist = NULL;
12559	}
12560}
12561
12562/*
12563 * Process a datamove request from the other controller.  This is used for
12564 * XFER mode only, not SER_ONLY mode.  For writes, we DMA into local memory
12565 * first.  Once that is complete, the data gets DMAed into the remote
12566 * controller's memory.  For reads, we DMA from the remote controller's
12567 * memory into our memory first, and then move it out to the FETD.
12568 */
12569static void
12570ctl_datamove_remote(union ctl_io *io)
12571{
12572
12573	mtx_assert(&control_softc->ctl_lock, MA_NOTOWNED);
12574
12575	if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
12576		ctl_failover_io(io, /*have_lock*/ 0);
12577		return;
12578	}
12579
12580	/*
12581	 * Note that we look for an aborted I/O here, but don't do some of
12582	 * the other checks that ctl_datamove() normally does.
12583	 * We don't need to run the datamove delay code, since that should
12584	 * have been done if need be on the other controller.
12585	 */
12586	if (io->io_hdr.flags & CTL_FLAG_ABORT) {
12587		printf("%s: tag 0x%04x on (%u:%u:%u) aborted\n", __func__,
12588		       io->scsiio.tag_num, io->io_hdr.nexus.initid,
12589		       io->io_hdr.nexus.targ_port,
12590		       io->io_hdr.nexus.targ_lun);
12591		io->io_hdr.port_status = 31338;
12592		ctl_send_datamove_done(io, /*have_lock*/ 0);
12593		return;
12594	}
12595
12596	if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_OUT)
12597		ctl_datamove_remote_write(io);
12598	else if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_IN)
12599		ctl_datamove_remote_read(io);
12600	else {
12601		io->io_hdr.port_status = 31339;
12602		ctl_send_datamove_done(io, /*have_lock*/ 0);
12603	}
12604}
12605
12606static void
12607ctl_process_done(union ctl_io *io)
12608{
12609	struct ctl_lun *lun;
12610	struct ctl_softc *softc = control_softc;
12611	void (*fe_done)(union ctl_io *io);
12612	union ctl_ha_msg msg;
12613	uint32_t targ_port = io->io_hdr.nexus.targ_port;
12614
12615	CTL_DEBUG_PRINT(("ctl_process_done\n"));
12616	fe_done = softc->ctl_ports[targ_port]->fe_done;
12617
12618#ifdef CTL_TIME_IO
12619	if ((time_uptime - io->io_hdr.start_time) > ctl_time_io_secs) {
12620		char str[256];
12621		char path_str[64];
12622		struct sbuf sb;
12623
12624		ctl_scsi_path_string(io, path_str, sizeof(path_str));
12625		sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
12626
12627		sbuf_cat(&sb, path_str);
12628		switch (io->io_hdr.io_type) {
12629		case CTL_IO_SCSI:
12630			ctl_scsi_command_string(&io->scsiio, NULL, &sb);
12631			sbuf_printf(&sb, "\n");
12632			sbuf_cat(&sb, path_str);
12633			sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
12634				    io->scsiio.tag_num, io->scsiio.tag_type);
12635			break;
12636		case CTL_IO_TASK:
12637			sbuf_printf(&sb, "Task I/O type: %d, Tag: 0x%04x, "
12638				    "Tag Type: %d\n", io->taskio.task_action,
12639				    io->taskio.tag_num, io->taskio.tag_type);
12640			break;
12641		default:
12642			printf("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
12643			panic("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
12644			break;
12645		}
12646		sbuf_cat(&sb, path_str);
12647		sbuf_printf(&sb, "ctl_process_done: %jd seconds\n",
12648			    (intmax_t)time_uptime - io->io_hdr.start_time);
12649		sbuf_finish(&sb);
12650		printf("%s", sbuf_data(&sb));
12651	}
12652#endif /* CTL_TIME_IO */
12653
12654	switch (io->io_hdr.io_type) {
12655	case CTL_IO_SCSI:
12656		break;
12657	case CTL_IO_TASK:
12658		if (ctl_debug & CTL_DEBUG_INFO)
12659			ctl_io_error_print(io, NULL);
12660		fe_done(io);
12661		return;
12662	default:
12663		panic("ctl_process_done: invalid io type %d\n",
12664		      io->io_hdr.io_type);
12665		break; /* NOTREACHED */
12666	}
12667
12668	lun = (struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
12669	if (lun == NULL) {
12670		CTL_DEBUG_PRINT(("NULL LUN for lun %d\n",
12671				 io->io_hdr.nexus.targ_mapped_lun));
12672		goto bailout;
12673	}
12674
12675	mtx_lock(&lun->lun_lock);
12676
12677	/*
12678	 * Check to see if we have any errors to inject here.  We only
12679	 * inject errors for commands that don't already have errors set.
12680	 */
12681	if ((STAILQ_FIRST(&lun->error_list) != NULL) &&
12682	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS) &&
12683	    ((io->io_hdr.flags & CTL_FLAG_STATUS_SENT) == 0))
12684		ctl_inject_error(lun, io);
12685
12686	/*
12687	 * XXX KDM how do we treat commands that aren't completed
12688	 * successfully?
12689	 *
12690	 * XXX KDM should we also track I/O latency?
12691	 */
12692	if ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS &&
12693	    io->io_hdr.io_type == CTL_IO_SCSI) {
12694#ifdef CTL_TIME_IO
12695		struct bintime cur_bt;
12696#endif
12697		int type;
12698
12699		if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
12700		    CTL_FLAG_DATA_IN)
12701			type = CTL_STATS_READ;
12702		else if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
12703		    CTL_FLAG_DATA_OUT)
12704			type = CTL_STATS_WRITE;
12705		else
12706			type = CTL_STATS_NO_IO;
12707
12708		lun->stats.ports[targ_port].bytes[type] +=
12709		    io->scsiio.kern_total_len;
12710		lun->stats.ports[targ_port].operations[type]++;
12711#ifdef CTL_TIME_IO
12712		bintime_add(&lun->stats.ports[targ_port].dma_time[type],
12713		   &io->io_hdr.dma_bt);
12714		getbinuptime(&cur_bt);
12715		bintime_sub(&cur_bt, &io->io_hdr.start_bt);
12716		bintime_add(&lun->stats.ports[targ_port].time[type], &cur_bt);
12717#endif
12718		lun->stats.ports[targ_port].num_dmas[type] +=
12719		    io->io_hdr.num_dmas;
12720	}
12721
12722	/*
12723	 * Remove this from the OOA queue.
12724	 */
12725	TAILQ_REMOVE(&lun->ooa_queue, &io->io_hdr, ooa_links);
12726#ifdef CTL_TIME_IO
12727	if (TAILQ_EMPTY(&lun->ooa_queue))
12728		lun->last_busy = getsbinuptime();
12729#endif
12730
12731	/*
12732	 * Run through the blocked queue on this LUN and see if anything
12733	 * has become unblocked, now that this transaction is done.
12734	 */
12735	ctl_check_blocked(lun);
12736
12737	/*
12738	 * If the LUN has been invalidated, free it if there is nothing
12739	 * left on its OOA queue.
12740	 */
12741	if ((lun->flags & CTL_LUN_INVALID)
12742	 && TAILQ_EMPTY(&lun->ooa_queue)) {
12743		mtx_unlock(&lun->lun_lock);
12744		mtx_lock(&softc->ctl_lock);
12745		ctl_free_lun(lun);
12746		mtx_unlock(&softc->ctl_lock);
12747	} else
12748		mtx_unlock(&lun->lun_lock);
12749
12750bailout:
12751
12752	/*
12753	 * If this command has been aborted, make sure we set the status
12754	 * properly.  The FETD is responsible for freeing the I/O and doing
12755	 * whatever it needs to do to clean up its state.
12756	 */
12757	if (io->io_hdr.flags & CTL_FLAG_ABORT)
12758		ctl_set_task_aborted(&io->scsiio);
12759
12760	/*
12761	 * If enabled, print command error status.
12762	 */
12763	if ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS &&
12764	    (ctl_debug & CTL_DEBUG_INFO) != 0)
12765		ctl_io_error_print(io, NULL);
12766
12767	/*
12768	 * Tell the FETD or the other shelf controller we're done with this
12769	 * command.  Note that only SCSI commands get to this point.  Task
12770	 * management commands are completed above.
12771	 */
12772	if ((softc->ha_mode != CTL_HA_MODE_XFER) &&
12773	    (io->io_hdr.flags & CTL_FLAG_SENT_2OTHER_SC)) {
12774		memset(&msg, 0, sizeof(msg));
12775		msg.hdr.msg_type = CTL_MSG_FINISH_IO;
12776		msg.hdr.serializing_sc = io->io_hdr.serializing_sc;
12777		msg.hdr.nexus = io->io_hdr.nexus;
12778		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
12779		    sizeof(msg.scsi) - sizeof(msg.scsi.sense_data),
12780		    M_WAITOK);
12781	}
12782
12783	fe_done(io);
12784}
12785
12786#ifdef CTL_WITH_CA
12787/*
12788 * Front end should call this if it doesn't do autosense.  When the request
12789 * sense comes back in from the initiator, we'll dequeue this and send it.
12790 */
12791int
12792ctl_queue_sense(union ctl_io *io)
12793{
12794	struct ctl_lun *lun;
12795	struct ctl_port *port;
12796	struct ctl_softc *softc;
12797	uint32_t initidx, targ_lun;
12798
12799	softc = control_softc;
12800
12801	CTL_DEBUG_PRINT(("ctl_queue_sense\n"));
12802
12803	/*
12804	 * LUN lookup will likely move to the ctl_work_thread() once we
12805	 * have our new queueing infrastructure (that doesn't put things on
12806	 * a per-LUN queue initially).  That is so that we can handle
12807	 * things like an INQUIRY to a LUN that we don't have enabled.  We
12808	 * can't deal with that right now.
12809	 */
12810	mtx_lock(&softc->ctl_lock);
12811
12812	/*
12813	 * If we don't have a LUN for this, just toss the sense
12814	 * information.
12815	 */
12816	port = ctl_io_port(&ctsio->io_hdr);
12817	targ_lun = ctl_lun_map_from_port(port, io->io_hdr.nexus.targ_lun);
12818	if ((targ_lun < CTL_MAX_LUNS)
12819	 && (softc->ctl_luns[targ_lun] != NULL))
12820		lun = softc->ctl_luns[targ_lun];
12821	else
12822		goto bailout;
12823
12824	initidx = ctl_get_initindex(&io->io_hdr.nexus);
12825
12826	mtx_lock(&lun->lun_lock);
12827	/*
12828	 * Already have CA set for this LUN...toss the sense information.
12829	 */
12830	if (ctl_is_set(lun->have_ca, initidx)) {
12831		mtx_unlock(&lun->lun_lock);
12832		goto bailout;
12833	}
12834
12835	memcpy(&lun->pending_sense[initidx], &io->scsiio.sense_data,
12836	       MIN(sizeof(lun->pending_sense[initidx]),
12837	       sizeof(io->scsiio.sense_data)));
12838	ctl_set_mask(lun->have_ca, initidx);
12839	mtx_unlock(&lun->lun_lock);
12840
12841bailout:
12842	mtx_unlock(&softc->ctl_lock);
12843
12844	ctl_free_io(io);
12845
12846	return (CTL_RETVAL_COMPLETE);
12847}
12848#endif
12849
12850/*
12851 * Primary command inlet from frontend ports.  All SCSI and task I/O
12852 * requests must go through this function.
12853 */
12854int
12855ctl_queue(union ctl_io *io)
12856{
12857	struct ctl_port *port;
12858
12859	CTL_DEBUG_PRINT(("ctl_queue cdb[0]=%02X\n", io->scsiio.cdb[0]));
12860
12861#ifdef CTL_TIME_IO
12862	io->io_hdr.start_time = time_uptime;
12863	getbinuptime(&io->io_hdr.start_bt);
12864#endif /* CTL_TIME_IO */
12865
12866	/* Map FE-specific LUN ID into global one. */
12867	port = ctl_io_port(&io->io_hdr);
12868	io->io_hdr.nexus.targ_mapped_lun =
12869	    ctl_lun_map_from_port(port, io->io_hdr.nexus.targ_lun);
12870
12871	switch (io->io_hdr.io_type) {
12872	case CTL_IO_SCSI:
12873	case CTL_IO_TASK:
12874		if (ctl_debug & CTL_DEBUG_CDB)
12875			ctl_io_print(io);
12876		ctl_enqueue_incoming(io);
12877		break;
12878	default:
12879		printf("ctl_queue: unknown I/O type %d\n", io->io_hdr.io_type);
12880		return (EINVAL);
12881	}
12882
12883	return (CTL_RETVAL_COMPLETE);
12884}
12885
12886#ifdef CTL_IO_DELAY
12887static void
12888ctl_done_timer_wakeup(void *arg)
12889{
12890	union ctl_io *io;
12891
12892	io = (union ctl_io *)arg;
12893	ctl_done(io);
12894}
12895#endif /* CTL_IO_DELAY */
12896
12897void
12898ctl_serseq_done(union ctl_io *io)
12899{
12900	struct ctl_lun *lun;
12901
12902	lun = (struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
12903	if (lun->be_lun == NULL ||
12904	    lun->be_lun->serseq == CTL_LUN_SERSEQ_OFF)
12905		return;
12906	mtx_lock(&lun->lun_lock);
12907	io->io_hdr.flags |= CTL_FLAG_SERSEQ_DONE;
12908	ctl_check_blocked(lun);
12909	mtx_unlock(&lun->lun_lock);
12910}
12911
12912void
12913ctl_done(union ctl_io *io)
12914{
12915
12916	/*
12917	 * Enable this to catch duplicate completion issues.
12918	 */
12919#if 0
12920	if (io->io_hdr.flags & CTL_FLAG_ALREADY_DONE) {
12921		printf("%s: type %d msg %d cdb %x iptl: "
12922		       "%u:%u:%u tag 0x%04x "
12923		       "flag %#x status %x\n",
12924			__func__,
12925			io->io_hdr.io_type,
12926			io->io_hdr.msg_type,
12927			io->scsiio.cdb[0],
12928			io->io_hdr.nexus.initid,
12929			io->io_hdr.nexus.targ_port,
12930			io->io_hdr.nexus.targ_lun,
12931			(io->io_hdr.io_type ==
12932			CTL_IO_TASK) ?
12933			io->taskio.tag_num :
12934			io->scsiio.tag_num,
12935		        io->io_hdr.flags,
12936			io->io_hdr.status);
12937	} else
12938		io->io_hdr.flags |= CTL_FLAG_ALREADY_DONE;
12939#endif
12940
12941	/*
12942	 * This is an internal copy of an I/O, and should not go through
12943	 * the normal done processing logic.
12944	 */
12945	if (io->io_hdr.flags & CTL_FLAG_INT_COPY)
12946		return;
12947
12948#ifdef CTL_IO_DELAY
12949	if (io->io_hdr.flags & CTL_FLAG_DELAY_DONE) {
12950		struct ctl_lun *lun;
12951
12952		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
12953
12954		io->io_hdr.flags &= ~CTL_FLAG_DELAY_DONE;
12955	} else {
12956		struct ctl_lun *lun;
12957
12958		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
12959
12960		if ((lun != NULL)
12961		 && (lun->delay_info.done_delay > 0)) {
12962
12963			callout_init(&io->io_hdr.delay_callout, /*mpsafe*/ 1);
12964			io->io_hdr.flags |= CTL_FLAG_DELAY_DONE;
12965			callout_reset(&io->io_hdr.delay_callout,
12966				      lun->delay_info.done_delay * hz,
12967				      ctl_done_timer_wakeup, io);
12968			if (lun->delay_info.done_type == CTL_DELAY_TYPE_ONESHOT)
12969				lun->delay_info.done_delay = 0;
12970			return;
12971		}
12972	}
12973#endif /* CTL_IO_DELAY */
12974
12975	ctl_enqueue_done(io);
12976}
12977
12978static void
12979ctl_work_thread(void *arg)
12980{
12981	struct ctl_thread *thr = (struct ctl_thread *)arg;
12982	struct ctl_softc *softc = thr->ctl_softc;
12983	union ctl_io *io;
12984	int retval;
12985
12986	CTL_DEBUG_PRINT(("ctl_work_thread starting\n"));
12987
12988	for (;;) {
12989		/*
12990		 * We handle the queues in this order:
12991		 * - ISC
12992		 * - done queue (to free up resources, unblock other commands)
12993		 * - RtR queue
12994		 * - incoming queue
12995		 *
12996		 * If those queues are empty, we break out of the loop and
12997		 * go to sleep.
12998		 */
12999		mtx_lock(&thr->queue_lock);
13000		io = (union ctl_io *)STAILQ_FIRST(&thr->isc_queue);
13001		if (io != NULL) {
13002			STAILQ_REMOVE_HEAD(&thr->isc_queue, links);
13003			mtx_unlock(&thr->queue_lock);
13004			ctl_handle_isc(io);
13005			continue;
13006		}
13007		io = (union ctl_io *)STAILQ_FIRST(&thr->done_queue);
13008		if (io != NULL) {
13009			STAILQ_REMOVE_HEAD(&thr->done_queue, links);
13010			/* clear any blocked commands, call fe_done */
13011			mtx_unlock(&thr->queue_lock);
13012			ctl_process_done(io);
13013			continue;
13014		}
13015		io = (union ctl_io *)STAILQ_FIRST(&thr->incoming_queue);
13016		if (io != NULL) {
13017			STAILQ_REMOVE_HEAD(&thr->incoming_queue, links);
13018			mtx_unlock(&thr->queue_lock);
13019			if (io->io_hdr.io_type == CTL_IO_TASK)
13020				ctl_run_task(io);
13021			else
13022				ctl_scsiio_precheck(softc, &io->scsiio);
13023			continue;
13024		}
13025		io = (union ctl_io *)STAILQ_FIRST(&thr->rtr_queue);
13026		if (io != NULL) {
13027			STAILQ_REMOVE_HEAD(&thr->rtr_queue, links);
13028			mtx_unlock(&thr->queue_lock);
13029			retval = ctl_scsiio(&io->scsiio);
13030			if (retval != CTL_RETVAL_COMPLETE)
13031				CTL_DEBUG_PRINT(("ctl_scsiio failed\n"));
13032			continue;
13033		}
13034
13035		/* Sleep until we have something to do. */
13036		mtx_sleep(thr, &thr->queue_lock, PDROP | PRIBIO, "-", 0);
13037	}
13038}
13039
13040static void
13041ctl_lun_thread(void *arg)
13042{
13043	struct ctl_softc *softc = (struct ctl_softc *)arg;
13044	struct ctl_be_lun *be_lun;
13045
13046	CTL_DEBUG_PRINT(("ctl_lun_thread starting\n"));
13047
13048	for (;;) {
13049		mtx_lock(&softc->ctl_lock);
13050		be_lun = STAILQ_FIRST(&softc->pending_lun_queue);
13051		if (be_lun != NULL) {
13052			STAILQ_REMOVE_HEAD(&softc->pending_lun_queue, links);
13053			mtx_unlock(&softc->ctl_lock);
13054			ctl_create_lun(be_lun);
13055			continue;
13056		}
13057
13058		/* Sleep until we have something to do. */
13059		mtx_sleep(&softc->pending_lun_queue, &softc->ctl_lock,
13060		    PDROP | PRIBIO, "-", 0);
13061	}
13062}
13063
13064static void
13065ctl_thresh_thread(void *arg)
13066{
13067	struct ctl_softc *softc = (struct ctl_softc *)arg;
13068	struct ctl_lun *lun;
13069	struct scsi_da_rw_recovery_page *rwpage;
13070	struct ctl_logical_block_provisioning_page *page;
13071	const char *attr;
13072	union ctl_ha_msg msg;
13073	uint64_t thres, val;
13074	int i, e, set;
13075
13076	CTL_DEBUG_PRINT(("ctl_thresh_thread starting\n"));
13077
13078	for (;;) {
13079		mtx_lock(&softc->ctl_lock);
13080		STAILQ_FOREACH(lun, &softc->lun_list, links) {
13081			if ((lun->flags & CTL_LUN_DISABLED) ||
13082			    (lun->flags & CTL_LUN_OFFLINE) ||
13083			    lun->backend->lun_attr == NULL)
13084				continue;
13085			if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0 &&
13086			    softc->ha_mode == CTL_HA_MODE_XFER)
13087				continue;
13088			rwpage = &lun->mode_pages.rw_er_page[CTL_PAGE_CURRENT];
13089			if ((rwpage->byte8 & SMS_RWER_LBPERE) == 0)
13090				continue;
13091			e = 0;
13092			page = &lun->mode_pages.lbp_page[CTL_PAGE_CURRENT];
13093			for (i = 0; i < CTL_NUM_LBP_THRESH; i++) {
13094				if ((page->descr[i].flags & SLBPPD_ENABLED) == 0)
13095					continue;
13096				thres = scsi_4btoul(page->descr[i].count);
13097				thres <<= CTL_LBP_EXPONENT;
13098				switch (page->descr[i].resource) {
13099				case 0x01:
13100					attr = "blocksavail";
13101					break;
13102				case 0x02:
13103					attr = "blocksused";
13104					break;
13105				case 0xf1:
13106					attr = "poolblocksavail";
13107					break;
13108				case 0xf2:
13109					attr = "poolblocksused";
13110					break;
13111				default:
13112					continue;
13113				}
13114				mtx_unlock(&softc->ctl_lock); // XXX
13115				val = lun->backend->lun_attr(
13116				    lun->be_lun->be_lun, attr);
13117				mtx_lock(&softc->ctl_lock);
13118				if (val == UINT64_MAX)
13119					continue;
13120				if ((page->descr[i].flags & SLBPPD_ARMING_MASK)
13121				    == SLBPPD_ARMING_INC)
13122					e = (val >= thres);
13123				else
13124					e = (val <= thres);
13125				if (e)
13126					break;
13127			}
13128			mtx_lock(&lun->lun_lock);
13129			if (e) {
13130				scsi_u64to8b((uint8_t *)&page->descr[i] -
13131				    (uint8_t *)page, lun->ua_tpt_info);
13132				if (lun->lasttpt == 0 ||
13133				    time_uptime - lun->lasttpt >= CTL_LBP_UA_PERIOD) {
13134					lun->lasttpt = time_uptime;
13135					ctl_est_ua_all(lun, -1, CTL_UA_THIN_PROV_THRES);
13136					set = 1;
13137				} else
13138					set = 0;
13139			} else {
13140				lun->lasttpt = 0;
13141				ctl_clr_ua_all(lun, -1, CTL_UA_THIN_PROV_THRES);
13142				set = -1;
13143			}
13144			mtx_unlock(&lun->lun_lock);
13145			if (set != 0 &&
13146			    lun->ctl_softc->ha_mode == CTL_HA_MODE_XFER) {
13147				/* Send msg to other side. */
13148				bzero(&msg.ua, sizeof(msg.ua));
13149				msg.hdr.msg_type = CTL_MSG_UA;
13150				msg.hdr.nexus.initid = -1;
13151				msg.hdr.nexus.targ_port = -1;
13152				msg.hdr.nexus.targ_lun = lun->lun;
13153				msg.hdr.nexus.targ_mapped_lun = lun->lun;
13154				msg.ua.ua_all = 1;
13155				msg.ua.ua_set = (set > 0);
13156				msg.ua.ua_type = CTL_UA_THIN_PROV_THRES;
13157				memcpy(msg.ua.ua_info, lun->ua_tpt_info, 8);
13158				mtx_unlock(&softc->ctl_lock); // XXX
13159				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
13160				    sizeof(msg.ua), M_WAITOK);
13161				mtx_lock(&softc->ctl_lock);
13162			}
13163		}
13164		mtx_unlock(&softc->ctl_lock);
13165		pause("-", CTL_LBP_PERIOD * hz);
13166	}
13167}
13168
13169static void
13170ctl_enqueue_incoming(union ctl_io *io)
13171{
13172	struct ctl_softc *softc = control_softc;
13173	struct ctl_thread *thr;
13174	u_int idx;
13175
13176	idx = (io->io_hdr.nexus.targ_port * 127 +
13177	       io->io_hdr.nexus.initid) % worker_threads;
13178	thr = &softc->threads[idx];
13179	mtx_lock(&thr->queue_lock);
13180	STAILQ_INSERT_TAIL(&thr->incoming_queue, &io->io_hdr, links);
13181	mtx_unlock(&thr->queue_lock);
13182	wakeup(thr);
13183}
13184
13185static void
13186ctl_enqueue_rtr(union ctl_io *io)
13187{
13188	struct ctl_softc *softc = control_softc;
13189	struct ctl_thread *thr;
13190
13191	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13192	mtx_lock(&thr->queue_lock);
13193	STAILQ_INSERT_TAIL(&thr->rtr_queue, &io->io_hdr, links);
13194	mtx_unlock(&thr->queue_lock);
13195	wakeup(thr);
13196}
13197
13198static void
13199ctl_enqueue_done(union ctl_io *io)
13200{
13201	struct ctl_softc *softc = control_softc;
13202	struct ctl_thread *thr;
13203
13204	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13205	mtx_lock(&thr->queue_lock);
13206	STAILQ_INSERT_TAIL(&thr->done_queue, &io->io_hdr, links);
13207	mtx_unlock(&thr->queue_lock);
13208	wakeup(thr);
13209}
13210
13211static void
13212ctl_enqueue_isc(union ctl_io *io)
13213{
13214	struct ctl_softc *softc = control_softc;
13215	struct ctl_thread *thr;
13216
13217	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13218	mtx_lock(&thr->queue_lock);
13219	STAILQ_INSERT_TAIL(&thr->isc_queue, &io->io_hdr, links);
13220	mtx_unlock(&thr->queue_lock);
13221	wakeup(thr);
13222}
13223
13224/*
13225 *  vim: ts=8
13226 */
13227